Application Research of Computers (计算机应用研究), 2005
Study of Intrusion Detection Based on Binary Tree Data Structure
Abstract:
In this paper, a binary tree structure replaces the linked list structure used in traditional IDSs, with the aim of storing rules better and improving pattern matching so as to speed up intrusion detection. After briefly analyzing the rule structure of Snort, the paper describes in detail the design of the binary tree, which is based on the idea of rule clustering. To optimize performance, the most discriminating features are dynamically selected at each node using the C4.5 algorithm and tested in parallel. Last but not least, to reduce redundant comparisons and ineffective matching as far as possible, a new string matching algorithm called Int Match, a fast multiple matching algorithm using number operations, is used to significantly speed up pattern matching and rule access.