Method and device for matching network message rules

The invention discloses a method and a device for matching network message rules. The method comprises the following steps of: constructing a network message classification tree according to a network message rule set; marking each internal node in the constructed network message classification tree as a message field attribute; marking each output arc of the internal node as the value of the message field attribute marked by the internal node, wherein the value is a numerical value or an arbitrary value; marking each leaf node as a network message rule in the network message rule set; and after capturing a network message each time, searching in the constructed network message classification tree according to the value of the message field attribute contained in the network message, if acompletely matched branch can be searched, the network message is matched with the network message marked by the leaf node on the branch. By using the method and the device, a matching speed of the network message rules is greatly improved.