Network Traffic Analysis Optimization for Signature-Based Intrusion Detection Systems
This paper proposes a method for signature matching optimization in the field of intrusion detection and prevention. The performance of the signature matching algorithm is one of the key factors in the overall quality of an IDS/IPS, especially in high-speed networks. The optimization method proposed in this paper relies on the semantics of the signature matching task, typical of systems such as Snort. The method minimizes the number of patterns called by the detection system for each network packet, reducing the packet's processing time.