Apparatus and method for improving detection performance of intrusion detection system
Provided are an apparatus and a method for improving the detection performance of an intrusion detection system, which promote the optimization of detection rules by enhancing the right detection rate of the intrusion detection rules in the intrusion detection system. The provided apparatus comprises: a deformation detection data generating part for changing original detection data detected based on current detection rules into deformation detection data according to deformation detection data rules; a deformation detection data classifying part for classifying the deformation detection data according to each attack type, classifying the deformation detection data for each attack type according to each current detection rule, and classifying the deformation detection data for each detection rule as right detection or wrong detection; a deformation keyword tree generation part for generating a right detection deformation keyword tree and a wrong detection deformation keyword tree based on a result from the deformation detection data classifying part; a right detection path identifying part for comparing the right detection keyword tree with the wrong detection keyword tree to generate a right detection node, and identifying a right detection path connecting a reference node to the right detection node in the right detection deformation keyword tree; and a right detection pattern generating part for generating a right detection pattern based on the identified right detection path.
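The pipeline described in the abstract can be sketched as follows; this is an added example, not code from the patent, and it is one possible reading of the abstract. Assumptions: the deformation rule (lowercase, tokenize, start at the rule keyword), the nested-dict tree, the regex output format, and all names, rule ids and events are constructed for illustration.

```python
import re
from collections import defaultdict

RULE_KEYWORD = {1001: "union"}  # constructed: current rule id -> keyword it fires on

# Constructed events: (attack type, rule id, verdict, original detection data)
EVENTS = [
    ("sqli", 1001, "right", "id=1 UNION SELECT user,pass FROM users"),
    ("sqli", 1001, "right", "id=7 union select name,pw from accounts"),
    ("sqli", 1001, "wrong", "q=union select committee agenda"),
    ("sqli", 1001, "wrong", "q=Union Select Committee minutes"),
]

def deform(payload, anchor):
    """Assumed deformation rule: lowercase, tokenize, start at the rule keyword."""
    tokens = re.findall(r"[a-z0-9_]+", payload.lower())
    return tokens[tokens.index(anchor):] if anchor in tokens else tokens

def build_tree(samples):
    """Keyword tree as nested dicts; the root dict is the reference node."""
    root = {}
    for tokens in samples:
        node = root
        for tok in tokens:
            node = node.setdefault(tok, {})
    return root

def right_paths(right, wrong, prefix=()):
    """Yield paths from the reference node to each first node absent from the wrong tree."""
    for tok, child in right.items():
        path = prefix + (tok,)
        if tok not in wrong:
            yield path  # right detection node reached
        else:
            yield from right_paths(child, wrong[tok], path)

def right_patterns(events):
    """Classify by attack type, rule and verdict, then derive one regex per path."""
    groups = defaultdict(lambda: {"right": [], "wrong": []})
    for attack, rule, verdict, payload in events:
        groups[(attack, rule)][verdict].append(deform(payload, RULE_KEYWORD[rule]))
    return {
        key: sorted(r"\W+".join(p) for p in
                    right_paths(build_tree(g["right"]), build_tree(g["wrong"])))
        for key, g in groups.items()
    }
```

A right-detection sample whose whole token path also exists in the wrong tree yields no pattern, since no node distinguishes it from the wrong detections.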