METHOD AND APPARATUS FOR GENERATING NETWORK INTRUSION DETECTION RULE

摘要

The present invention relates to a method that, in order to automatically generate an intrusion detection rule used in a network intrusion detection system, when a set of existing intrusion detection rules, normal network traffic, suspicious network traffic, and a maximum intrusion detection rule length are given as inputs, filters out strings that are not included in the normal network traffic but are included only in the suspicious network traffic, calculates similarities between the filtered strings and the existing intrusion detection rules, and then selects the most similar intrusion detection rule to a new attack, thereby providing an intrusion detection rule candidate for the new attack by using the most similar intrusion detection rule.