Abstract
Adjusting the order of the matching-rule array can improve the performance of a network intrusion detection system. First, this paper introduces a static adjustment algorithm, which places the most frequently used rules at the top of the rule list and reduces the matching frequency and matching time for subsequent data packets. Second, two dynamic adjustment algorithms are designed and implemented: an algorithm for dynamic adjustment of matching rules based on a variable sampling time T, and an algorithm for real-time adjustment triggered by the matching of feature events. The former keeps the matching-rule order consistent with the current network flow and adjusts the sampling time T according to the amount of network flow; the latter adopts a three-step dynamic adjustment method to adjust the rule sequence when an intrusion happens. The experiment shows that the matching performance of the three-step dynamic adjustment algorithm is significantly better than that of the other two adjustment algorithms.
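The static adjustment and the sampling-time-T adjustment described in the abstract can be compared on a trace whose traffic mix shifts partway through. This is an added sketch, not the paper's code: the rule set, the trace, and the policy for changing T (halve after a busy window, double after a quiet one) are assumptions, and the three-step method is left out because the abstract does not describe its steps.

```python
from collections import Counter

# Constructed, mutually exclusive rules (name, destination port): because no two
# overlap, reordering cannot change which rule fires, only how soon it is found.
RULES = [("telnet", 23), ("smb", 445), ("dns", 53), ("http", 80)]

def match(order, pkt):
    """Linear scan; return (matched rule name or None, comparisons spent)."""
    for cost, (name, port) in enumerate(order, 1):
        if pkt["dport"] == port:
            return name, cost
    return None, len(order)

def reorder(order, hits):
    """Most-hit rules first; sorted() is stable, so ties keep their old order."""
    return sorted(order, key=lambda rule: -hits[rule[0]])

def static_adjust(rules, training):
    """One-off adjustment from hit counts observed in a training trace."""
    return reorder(rules, Counter(match(rules, p)[0] for p in training))

def run_static(order, traffic):
    """Total comparisons spent on the trace with a fixed rule order."""
    return sum(match(order, p)[1] for p in traffic)

def run_dynamic(rules, traffic, t=4.0, t_min=1.0, t_max=16.0, high=20, low=5):
    """Re-sort at the end of each sampling window of length t (seconds).
    Assumed policy: halve t after a busy window, double it after a quiet one."""
    order, hits, seen, total = list(rules), Counter(), 0, 0
    window_end = traffic[0]["ts"] + t
    for pkt in traffic:
        while pkt["ts"] >= window_end:      # close every window that has elapsed
            order = reorder(order, hits)
            if seen > high:
                t = max(t_min, t / 2)
            elif seen < low:
                t = min(t_max, t * 2)
            hits, seen = Counter(), 0
            window_end += t
        name, cost = match(order, pkt)
        hits[name] += 1
        seen += 1
        total += cost
    return total, order, t

def make_trace(phase_ports, per_phase=100, rate=10):
    """Constructed trace: per_phase packets to each port in turn, rate packets/s."""
    ports = [p for p in phase_ports for _ in range(per_phase)]
    return [{"ts": n / rate, "dport": p} for n, p in enumerate(ports)]
```

On a trace of 200 HTTP packets followed by 100 SMB packets, the statically tuned order stays optimised for HTTP after the shift, while the sampled order moves the SMB rule to the front within one window.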
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhou, YS., Yang, JR. (2012). Research and Improvement of Adjustment Algorithm of Matching Rules of Intrusion Detection. In: Lei, J., Wang, F.L., Li, M., Luo, Y. (eds) Network Computing and Information Security. NCIS 2012. Communications in Computer and Information Science, vol 345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35211-9_49
DOI: https://doi.org/10.1007/978-3-642-35211-9_49
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35210-2
Online ISBN: 978-3-642-35211-9
eBook Packages: Computer Science (R0)