
Intrusion detection system and method based on kernel module in security gateway system for high-speed intrusion detection on network


Abstract

PURPOSE: A kernel-based fast IDS (Intrusion Detection System) of a security gateway, and a method thereof, are provided to offer stable and improved performance by receiving packets from the card device that collects them, filtering them quickly, and analyzing them in the kernel area. CONSTITUTION: A packet information extractor (210) filters the actually received network packets and transfers the resulting packet information to an upper analysis module. A fast intrusion detecting tool (220) raises an alarm if an intrusion is detected by comparing the packet information received from the packet information extractor with a previously defined intrusion pattern on a kernel level. A system controlling/managing tool (230) generates an alarm message if the alarm is received from the fast intrusion detecting tool, and provides the information for updating the intrusion pattern to the fast intrusion detecting tool on an application level.