MACHINE-LEARNING-BASED SIGNATURE MATCHING OPTIMIZATION METHOD FOR INTRUSION DETECTION SYSTEM

摘要

Provided is a machine-learning-based signature matching optimization method for an intrusion detection system. Historical alarms of an intrusion detection system are continuously learnt by using a machine learning period construction module, so as to periodically construct a machine learning data training set. After a network packet enters stage II of a detection engine, a machine learning prediction module performs real-time prediction on a selected prefilter signature sequence, and outputs a hit probability of a prefilter signature library sequence. Reverse sorting is performed on prefilter signatures according to the hit probability, such that the intrusion detection system preferentially traverses the prefilter signature having the highest hit probability. By means of the method, the number of times of invalid matching of an intrusion detection system can be effectively reduced, thereby improving the performance of the intrusion detection system; and a prefilter signature sequence of the intrusion detection system is dynamically adjusted, thereby ensuring the stability of the efficiency of the intrusion detection system under different traffic scenarios. In the present invention, a machine learning data set is updated periodically, such that the stability of the intrusion detection system in various traffic scenarios can be effectively improved.