1. A method for multi-pattern matching in a network intrusion detection system (NIDS) including a processor and memory, the method comprising:a moving step of moving, by the processor, a moving window from the start of a payload string in a payload of a packet one byte by one byte;
a DF1 checking step of converting, by the processor, a string on a current position of the moving window into an integer value, and of checking, by the processor, whether or not a bit of a related position in a first direct filter DF1 stored in the memory for patterns having lengths larger than 2 bytes is set to 1;
a DF moving step of checking, by the processor, one or more direct filters DF when the bit is set to 1 according to the DF1 checking step;
a re-moving step of moving, by the processor, the moving window by one byte again when the bit of a related position in a direct filter DF, which has been checked lastly, is 0;
a terminating step of checking, by the processor, whether the moving window is located at the end of the payload string or not, and of terminating the method when the moving window is positioned at the end of the payload string; and
a pattern identification step of identifying, by the processor, multiple patterns existing in the payload of the packet based on a bit of a related position in the one or more direct filters DF which is set to 1.