Abstract: The heavy workloads of the Gigabit Intrusion Detection System (GIDS) make the packet classification algorithm critical to its performance. However，unfortunately In GIDS the problem of creating a minimal decision tree that is consistent with a set of data is NP hard. Based on the former research[1,2], we propose a new algorithm MaxFeatureEntropy to perform local optimization by choosing the most discriminating feature which has the most high entropy when creating the rule decision tree. The method of evaluating the feature entropy of rules is also discussed. The experimental results show that compared to Hicuts and Picuts, the performance of MaxFeatureEntropy improves 44.4% and 20% respectively, and its memory consumption is 10% of that of Hicuts, and 60% of that of Picuts.

Key words: feature entropy, decision tree, packet classification, GIDS