Undeniably, network technology has become one of the driving forces of enterprise growth in the new-economy era. Enterprises that want to save costs, increase efficiency, or keep up with global economic trends cannot stay out of networking. However, as more enterprises open their internal resources and connect them to the network, unknown security risks rise accordingly. Even a small, unforeseen security oversight can expose a carefully built protection mechanism to potential threats.

As enterprises pay more attention to security protection, intrusion detection systems have become popular in recent years. An intrusion detection system detects behavior that intends to violate enterprise security and notifies or warns the responsible personnel. Most intrusion detection systems judge an intrusion by pattern (signature) matching. The strengths of this method are its high detection rate and the ease with which an enterprise can define rules for its own network environment. However, with higher network speeds and various kinds of new intrusion techniques, the rule database that this exact-match method relies on grows larger day by day and has become a killer of intrusion detection system efficiency.

In this paper, we try to reduce the impact of a huge rule database on intrusion detection system efficiency by optimizing the intrusion rule database. The optimization is carried out automatically in the background, so that it does not add to the administrator's workload.