Abstract: A method of and apparatus for searching for a signature in a packet according to a signature location. The method may include extracting a sub-payload to be compared with a signature from a payload of a packet, generating an offset that is location information about a location of the sub-payload in the payload, generating a search key that includes the extracted sub-payload and the generated offset, and performing ternary content addressable memory (TCAM) matching to check if the generated search key matches a TCAM entry.

Abstract: A network apparatus and method of classifying received packets in a security system, the method comprises parsing a received packet and extracting a payload from the parsed packet; scanning the payload to check whether or not a predetermined signature code is included in the payload; if it is determined from the result of the scanning that the predetermined signature code is included in the payload, generating a presumptive signature based on information included in the predetermined signature code; and determining whether or not the generated presumptive signature is identical with a signature corresponding to the predetermined signature code, and allocating an classification identifier (ID) to the received packet according to the result of the determination, thereby classifying the received packet according to the classification ID, wherein the predetermined signature code is formed by a part of the signature corresponding to the signature code.