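Abstract (translated from the Chinese): Intrusion rules are classified and organized by constructing a decision tree, which introduces parallel processing into the matching of packets against the intrusion rule set. In constructing the rule decision tree, the paper adopts the information gain ratio as the new criterion for selecting the splitting attribute, replacing the original information gain criterion. Experiments show that, for certain specific attack types and with the same number of alerts generated, the detection engine using information gain ratio is noticeably faster than the one using information gain. This substantially improves the performance of signature-based intrusion detection and allows intrusions to be detected promptly.
Key words (translated from the Chinese):
Intrusion detection; rule; decision tree; information gain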
Abstract: Decision trees are used to classify intrusion rules, with the aim of introducing more parallelism when checking rules. This paper presents a new attribute selection metric, the gain-ratio criterion, to replace the gain criterion. For certain particular attack types, experimental evaluation shows that a detection engine using the gain-ratio criterion significantly improves the speed of the detection process compared with one using the gain criterion. The approach improves the performance of signature-based intrusion detection and detects intrusion behavior in time.
Key words:
Intrusion detection; Rule; Decision tree; Information gain
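The difference between the two attribute selection criteria named in the abstract, as an added example that is not code from the paper: it scores the fields of a small rule table with information gain and with the standard C4.5 gain ratio (gain divided by split information) and reports which field each criterion would split on first. The rule table, the field names (`proto`, `dst_port`, `flow`) and the use of an attack category as the class label are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Constructed rule table (not from the paper): header fields of eight
# signatures plus an assumed class label, the attack category.
RULES = [
    {"proto": "tcp", "dst_port": 80,   "flow": "to_server", "cls": "web"},
    {"proto": "tcp", "dst_port": 8080, "flow": "to_server", "cls": "web"},
    {"proto": "tcp", "dst_port": 443,  "flow": "to_client", "cls": "web"},
    {"proto": "tcp", "dst_port": 8000, "flow": "to_client", "cls": "web"},
    {"proto": "tcp", "dst_port": 7,    "flow": "to_server", "cls": "dos"},
    {"proto": "udp", "dst_port": 19,   "flow": "to_server", "cls": "dos"},
    {"proto": "udp", "dst_port": 53,   "flow": "to_client", "cls": "dos"},
    {"proto": "udp", "dst_port": 123,  "flow": "to_client", "cls": "dos"},
]
ATTRS = ["proto", "dst_port", "flow"]

def entropy(values):
    """Shannon entropy (bits) of the value distribution in a list."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def info_gain(rules, attr):
    """Reduction in class entropy after splitting the rules on attr."""
    groups = {}
    for r in rules:
        groups.setdefault(r[attr], []).append(r["cls"])
    remainder = sum(len(g) / len(rules) * entropy(g) for g in groups.values())
    return entropy([r["cls"] for r in rules]) - remainder

def gain_ratio(rules, attr):
    """Gain divided by split information (entropy of attr's own values)."""
    split_info = entropy([r[attr] for r in rules])
    # An attribute with a single value cannot split the set; score it 0.
    return info_gain(rules, attr) / split_info if split_info > 0 else 0.0

def best_attribute(rules, attrs, metric):
    """Attribute the tree would split on next under the given metric."""
    return max(attrs, key=lambda a: metric(rules, a))

if __name__ == "__main__":
    for a in ATTRS:
        print(f"{a:9s} gain={info_gain(RULES, a):.3f} ratio={gain_ratio(RULES, a):.3f}")
    print("gain picks:", best_attribute(RULES, ATTRS, info_gain))
    print("gain ratio picks:", best_attribute(RULES, ATTRS, gain_ratio))
```

On this table information gain selects `dst_port`, whose eight distinct values produce eight single-rule branches, while gain ratio penalizes that fan-out and selects `proto`.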
唐 谦, 张大方, 黄 昆. Improving intrusion detection with decision trees based on information gain ratio [J]. 计算机工程, 2006, 32(7): 146-148.
TANG Qian, ZHANG Dafang, HUANG Kun. Using Gain-ratio Based Decision Trees to Improve Intrusion Detection[J]. Computer Engineering, 2006, 32(7): 146-148.