Abstract

The present invention discloses a method and a device for optimizing and configuring a detection rule, where the method includes: receiving network traffic; extracting a packet from the network traffic, and identifying, according to a feature of the packet, protocol related information used in the network; saving correspondence between the protocol related information and the protocol related information to a first learning association table; and matching a corresponding rule item from a vulnerability rule base according to the protocol related information, so as to generate a first compact rule set. With the compact rule set generated by the present invention, subsequent protocol detection is performed only for protocol threats that may occur in the live network; therefore, the content that needs to be detected subsequently is reduced, detection efficiency is improved, and unnecessary performance consumption is avoided.
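The flow described in the abstract, as an added example that is not taken from the patent: learn which protocols appear in traffic, then keep only the matching rule items. The packet features (payload prefix, destination port), the table layout (protocol to observed endpoints), the rule records and all names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Hypothetical vulnerability rule base; each rule item names the protocol it covers.
RULE_BASE = [
    {"id": "R-0001", "protocol": "http", "desc": "oversized request header"},
    {"id": "R-0002", "protocol": "http", "desc": "path traversal in URI"},
    {"id": "R-0003", "protocol": "ftp", "desc": "overlong USER argument"},
    {"id": "R-0004", "protocol": "smb", "desc": "malformed negotiate request"},
    {"id": "R-0005", "protocol": "dns", "desc": "oversized response record"},
]

# Assumed packet features: payload prefix first, well-known port as a fallback.
PAYLOAD_PREFIXES = [(b"GET ", "http"), (b"POST ", "http"), (b"USER ", "ftp")]
PORT_HINTS = {80: "http", 21: "ftp", 445: "smb", 53: "dns"}

# Constructed sample packets (documentation address range 192.0.2.0/24).
SAMPLE_PACKETS = [
    {"dst": "192.0.2.5", "dport": 8080, "payload": b"GET /index.html HTTP/1.1\r\n"},
    {"dst": "192.0.2.9", "dport": 21, "payload": b"USER alice\r\n"},
    {"dst": "192.0.2.7", "dport": 4444, "payload": b"\x00\x01\x02"},  # unrecognised
]

def identify_protocol(packet):
    """Return the protocol name for a packet, or None if no feature matches."""
    for prefix, proto in PAYLOAD_PREFIXES:
        if packet["payload"].startswith(prefix):
            return proto  # payload wins, so HTTP on port 8080 is still learned
    return PORT_HINTS.get(packet["dport"])

def learn(packets):
    """Build the learning association table: protocol -> set of (dst, dport)."""
    table = defaultdict(set)
    for pkt in packets:
        proto = identify_protocol(pkt)
        if proto is not None:  # unidentified traffic adds nothing to the table
            table[proto].add((pkt["dst"], pkt["dport"]))
    return dict(table)

def compact_rule_set(table, rule_base=RULE_BASE):
    """Keep only rule items whose protocol was observed in the live network."""
    return [rule for rule in rule_base if rule["protocol"] in table]

if __name__ == "__main__":
    learned = learn(SAMPLE_PACKETS)
    for rule in compact_rule_set(learned):
        print(rule["id"], rule["protocol"], rule["desc"])
```

A protocol that has not yet appeared in the learned traffic has no rule items in the compact set, so the table has to be refreshed as traffic changes for its detection to be enabled.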