Multiple Intrusion Detection Objects in Security Gateway System for Network Intrusion Detection

PURPOSE: A security gateway system using multiple intrusion detection objects and an intrusion detection method are provided to judge whether intrusion occurs, by generating the multiple intrusion detection objects on the basis of object-oriented modeling and analyzing contraction observation data with respect to a network packet according to each intrusion detection object. CONSTITUTION: A network packet information extracting and transmitting device(205) receives a network packet from a lower network layer, and generates contraction observation data. A network intrusion detection performing device(203) analyzes whether intrusion occurs by the contraction observation data generated in the network packet information extracting and transmitting device(205), and provides the analyzed result. An intrusion pattern database(204) stores intrusion patterns required for judging whether the intrusion occurs in the network intrusion detection performing device(203). A cyber patrol agent(202) manages the entire security gateway system, and generates and transmits an alarm message. An alarm processing device(201) transmits policy and the alarm message from the cyber patrol agent(202).