基于网络处理器的高性能入侵防护系统研究

提出一种基于网络处理器的入侵防护系统模型,该模型基于异构多核计算架构,采用通用x86/IA多核处理器作为应用和控制CPU,运行检测和控制模块,专用网络处理器作为协处理器实现网络层面的处理,两者之间通过PCIE实现高速通信,从而实现高效能、自适应、可扩展的入侵防护系统.用NFE-i8000网络处理器和Intel Xeon E5620四核八线程的通用处理器实现系统原型,并用PHAD异常检测系统作为入侵检测器进行了模拟实验.仿真结果表明,模型不但可提高系统性能,而且按协议类型进行负载均衡的检测结果比按五元组要好.

High-performance Architecture of Intrusion Prevention Systems Based Network Processor

A novel network intrusion prevention scheme is designed,based a heterogeneous multi-core processing architecture where its NP devices complement genera purpose multi-core processors such as Intel＇s Xeon family.The common multi-core x86/IA processor handles application layer services,and professional network processor handles 2to 4Layer business,through PCIE accelerator tight coupling of these two processors,can be achieved to a linear,safety,virtualization and unified platform.To use network processor NFE-i8000to process network traffic at network Layers include Packet capture and load balancing,a set of PHAD network-based anomaly Intrusion Detection sensors in processing network traffic.Experimental results shows that our enhancements can reduce the processing load of the sensors,and load balancing with the five-tuples will be better than the protocol.