DocumentCode :
3729345
Title :
Performance enhancement of a Malware Detection System using score based prioritization of snort rules
Author :
Pritpal Singh;Sunny Behal;Krishan Kumar
Author_Institution :
Deptt. of CSE, SBSSTC, Ferozepur, Punjab, India
fYear :
2015
Firstpage :
1150
Lastpage :
1155
Abstract :
Snort is an open source Intrusion Detection System (IDS) that uses a rule-based approach to detect different kinds of malware, online attacks, vulnerabilities, etc. The performance of a Malware Detection System (MDS) deployed in a large network depends on the nature and type of rules stored in its database. As the number and type of attacks increase, more rules are appended to the MDS database. This increase in the size of the rule database itself becomes the bottleneck in the performance of the MDS. This paper proposes a rule-scoring-based mechanism for prioritizing the Snort rules so as to optimize the number of rules in the MDS database. Only those rules whose total score is greater than the computed threshold value are retained in the database. The results show that the performance of the MDS has been enhanced remarkably.
Keywords :
"Databases","Malware","Ports (Computers)","Intrusion detection","Internet","Servers","Payloads"
Publisher :
IEEE
Conference_Title :
Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on
Type :
conf
DOI :
10.1109/ICGCIoT.2015.7380636
Filename :
7380636