Research and Improvement of Adjustment Algorithm of Matching Rules of Intrusion Detection

Adjustment of Array sequence of matching rules can improve performance of network intrusion detection system. Firstly, This paper introduces static adjustment algorithm, which makes the most frequently used rules in the top of the list of rules, and reduces the frequency and time of following data packets; Secondly, two dynamic adjustment algorithms are designed and accomplished, which are algorithm of dynamic adjustment of matching rules based on variable sampling time T and algorithm of real-time adjustment based on matching trigger of feature event, the Former keeps the matching rule order consistent with the current network flow and adjust the sampling time T according to the number of network flow, the latter adopts three-step dynamical adjustment method to adjust rules sequence when intrusion happens. The experiment shows that the match performance of three-step dynamical adjustment algorithm has been significantly improved than other two adjust algorithms.