Intelligent Matching for Intrusion Detection Rules Based on Protocol Analysis

Because there are some problems for traditional pattern matching detection technique such as high strength!computations,low detection rates and high false alarm rates an intelligent matching for intrusion detection rules based on protocol analysis is proposed.And this technique aims at detecting attacks by the means of high regularity of TCP/IP(Transmission Control Protocol/Internet Protocol),which results in obvious decrease of computational quantities of rules matching.The design and implementation of auto sorting rules base based on dynamic analysis are also presented.Experimental results show that our proposals can shorten about 20% the time of pattern matching and improve the efficiency of intrusion detection.