Abstract
Constructing the rule tree sensibly can improve Snort's matching efficiency. Common rule-tree construction methods do not reflect the characteristics of the actual working environment well, so some important rule attributes are not matched first. This paper builds the rule tree mainly from statistics of real network data and proposes a method for measuring attribute significance, so that the rule tree adapts to the actual network environment and the speed of rule matching increases.
Source
《电脑开发与应用》
2008, Issue 11, pp. 11-13 (3 pages)
Computer Development & Applications
Funding
Shanxi Province Higher Education Science and Technology Development Project (20051202)
Keywords
intrusion detection, rule tree, adaptive algorithm, attribute significance measure