Intrusion detection apparatus and method using pattern matching technology based on perl compatible regular expressions

The present invention provides a device and a method for detecting network intrusion which perform perl compatible regular expressions (PCRE)-based pattern matching for a payload of packet using a network processor having a deterministic finite automata (DFA) engine. For the purpose, a device for detecting network intrusion according to the present invention includes: a network processor core for receiving packets from a network and transmitting a payload of the received packets to the DFA engine; a detection rule converter for converting a predetermined PCRE-based detection rule into a detection rule which has a pattern to which an only PCRE rule corresponding to the DFA engine is applied for detecting attack packets; and the DFA engine for performing PCRE pattern matching for a payload of packets based on the detection rule converted by the detection rule converter. [Reference numerals] (100) Detection rule converter; (220) Network processor core; (240) DFA engine; (AA) Detection rule; (BB) Packet; (CC) Intrusion detection result