Abstract

Adjusting the order of the matching-rule array can improve the performance of a network intrusion detection system. First, this paper introduces a static adjustment algorithm, which places the most frequently used rules at the top of the rule list and so reduces the number of match attempts and the matching time for subsequent data packets. Second, two dynamic adjustment algorithms are designed and implemented: an algorithm for dynamic adjustment of matching rules based on a variable sampling time T, and an algorithm for real-time adjustment triggered by the matching of a feature event. The former keeps the matching-rule order consistent with the current network flow and adjusts the sampling time T according to the volume of network traffic; the latter adopts a three-step dynamic adjustment method to adjust the rule sequence when an intrusion happens. The experiment shows that the three-step dynamic adjustment algorithm has significantly better matching performance than the other two adjustment algorithms.
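The following sketch is an added example, not code from the paper. It compares a fixed rule order, a statically sorted order, and re-sorting at the end of each sampling window with a variable T, counting comparisons in a linear first-match scan. The rule strings, the trace, the thresholds and the halve/double update for T are all assumptions, since the abstract does not specify them.

```python
from collections import Counter

# Constructed sample data: four substring signatures and a trace whose
# dominant attack type and packet rate both change at t = 10 s.
RULES = ["cmd.exe", "/etc/passwd", "<script>", "UNION SELECT"]
PHASE1 = [(0.25 * i, "GET /?q=<script>") for i in range(40)]
PHASE2 = [(10 + 0.125 * j, "id=1 UNION SELECT") for j in range(80)]
TRACE = PHASE1 + PHASE2

def scan(rules, payload):
    """Linear first-match scan: (matched rule or None, comparisons made)."""
    for cost, sig in enumerate(rules, 1):
        if sig in payload:
            return sig, cost
    return None, len(rules)

def static_order(rules, training):
    """Static adjustment: sort once by hit count over a training trace."""
    hits = Counter(scan(rules, p)[0] for _, p in training)
    return sorted(rules, key=lambda s: -hits[s])

def run_fixed(rules, trace):
    """Total comparisons when the rule order never changes."""
    return sum(scan(rules, p)[1] for _, p in trace)

def run_dynamic(rules, trace, T=4.0, t_min=1.0, t_max=16.0, low=5, high=20):
    """Re-sort by hits when each window of length T closes, then adapt T
    (assumed policy: halve T under heavy traffic, double it under light)."""
    rules, hits, total = list(rules), Counter(), 0
    start, seen = trace[0][0], 0
    for ts, payload in trace:
        if ts - start >= T:                      # sampling window closed
            rules.sort(key=lambda s: -hits[s])   # stable: ties keep order
            if seen > high:
                T = max(t_min, T / 2)
            elif seen < low:
                T = min(t_max, T * 2)
            hits, start, seen = Counter(), ts, 0
        sig, cost = scan(rules, payload)
        total += cost
        seen += 1
        if sig:
            hits[sig] += 1
    return total, rules, T
```

On this trace the static order, trained on the first phase only, stops helping once the traffic mix shifts, while the windowed re-sort recovers after one window and shortens T when the packet rate doubles.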
