一种Snort规则的优化方法

A Method of Optimizing the Rules in Snort

Snort是一款基于规则发现入侵行为的网络入侵检测系统,为了提高入侵检测系统中检测引擎的速度和效益,在分析Snort的规则组织结构和规则匹配过程的基础上,提出了一种规则优化的方法。该方法充分利用了协议特征和规则内容,能有效地加快检测引擎的速度,提高入侵检测的效率。

Snort is a network intrusion detection system which detects intrusion behavior on the basis of rules. To improve the speed and benefit of intrusion detection engine in intrusion detection system, on the base of analyzing the organizational structure and rules matching process of snort, a new method of the optimization of rules is introduced. The new method makes full use of the characters of the protocols and the content of the rules. It can effectively expedite the speed of intrusion detection engine and improve the efficiency of the intrusion detection.