Research on Rapid Detection Algorithm Based on Property Choosing Tree
The construction method used by the Snort-NG detection engine, which is based on the ID3 decision tree, suffers from excessive memory occupancy. This paper presents the idea of choosing test properties according to the layer of the rule property in the network protocol stack: link-layer properties are determined first, followed by network-layer and then transport-layer properties. The atomicity of these property values is preserved, and the values are treated as a whole. Experimental results show that this approach occupies much less memory when non-trivial properties are very common.
ID3; Rule property; Protocol stack
Nengshan Feng; Yugang Wu; Zhongming Yang; Huomin Liang
School of Computer Science & Technology, Dongguan University of Technology, Dongguan, Guangdong, China; School of Computer Science and Engineering, Jiang Su University of Science & Technology, Zhenjiang, Jia; School of Science, Guangdong University of Petrochemical Technology, Maoming, Guangdong, China; School of Software Engineering, South China University of Technology, Guangzhou, Guangdong, China
International conference
Taiyuan
English
521-524
2011-02-26 (date first posted online on the Wanfang platform; does not represent the paper's publication date)