Provided are an intrusion detection apparatus and method using patterns.
The apparatus performs intrusion detection by receiving the indices of
matched intrusion detection rules, which are the results of matching the
payload parts and IP (Internet Protocol) address parts of packets. It
includes: a rule generator that classifies intrusion detection rules into
rules having content examination parts and rules without content
examination parts and grants an index to each rule, outputting the indices
to a unit that performs the matching while simultaneously storing them; an
extractor that extracts payload parts and address parts from the packets
and outputs them to the unit; and an examination unit that examines the
corresponding rules based on the indices. Accordingly, the overload caused
by examining all rules for malicious packets whenever packets are input is
reduced, so that processing speed can be increased. It is therefore
possible to implement a system with effective performance and a relatively
low cost that can replace a high-cost, high-performance dedicated hardware
system.
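
The data flow described above, as an added Python sketch that is not code from the patent: the rule fields (source network, destination port, optional content pattern) and the software `match_unit` standing in for the matching unit are assumptions, and the rules and packet are constructed samples.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str                  # source network in CIDR form (assumed field)
    dst_port: int             # condition left for the examination unit (assumed)
    content: Optional[bytes]  # None = rule without a content examination part

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

def generate_rules(rules):
    """Rule generator: index every rule and classify by presence of content."""
    indexed = dict(enumerate(rules))
    content_idx = {i for i, r in indexed.items() if r.content is not None}
    return indexed, content_idx, set(indexed) - content_idx

def extract(pkt):
    """Extractor: pass only the payload part and address part to the matcher."""
    return pkt.payload, ip_address(pkt.src)

def match_unit(indexed, content_idx, payload, addr):
    """Stand-in matcher: content rules need address and payload hits, others address only."""
    addr_hits = {i for i, r in indexed.items() if addr in ip_network(r.src)}
    payload_hits = {i for i in content_idx if indexed[i].content in payload}
    return {i for i in addr_hits if i not in content_idx or i in payload_hits}

def examine(indexed, indices, pkt):
    """Examination unit: fully check only the rules named by the indices."""
    return sorted(i for i in indices if indexed[i].dst_port == pkt.dst_port)

def detect(rules, pkt):
    indexed, content_idx, _ = generate_rules(rules)
    payload, addr = extract(pkt)
    candidates = match_unit(indexed, content_idx, payload, addr)
    return candidates, examine(indexed, candidates, pkt)

# Constructed sample rules and packet (documentation address ranges).
RULES = [
    Rule("0.0.0.0/0", 80, b"/etc/passwd"),
    Rule("203.0.113.0/24", 22, None),
    Rule("0.0.0.0/0", 80, b"cmd.exe"),
    Rule("198.51.100.0/24", 80, None),
]
PACKET = Packet("198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.1")
```

`detect(RULES, PACKET)` returns the candidate indices from the matcher and the indices that survive full examination, so only two of the four rules are examined for this packet.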