| 高速网络入侵检测系统流量分配器 |
| |
| 引用本文: | 余荣,孙智,陈嘉,梅顺良,戴一奇.高速网络入侵检测系统流量分配器[J].清华大学学报(自然科学版),2005,45(10):1377-1380. |
| |
| 作者姓名: | 余荣 孙智 陈嘉 梅顺良 戴一奇 |
| |
| 作者单位: | 1. 清华大学,电子工程系,北京,100084
2. 清华大学,计算机科学与技术系,北京,100084 |
| |
| 摘 要: | 入侵检测技术是维护网络安全的一种重要手段。为了克服现有入侵检测系统在处理速度上的不足,该文提出了一种基于网络处理器和处理机群的高速入侵检测系统结构。重点讨论如何采用网络处理器实现系统中的流量分配器。对网络处理器的多线程数据采集、流量分配两个算法作了详细的分析。研究结果表明,经过算法优化,采用网络处理器IXP 1200实现的流量分配器可以完成1 G b.-s 1以上数据的实时采集,基于目的媒体接入控制(M AC)地址的转发策略在维护信息完整性和降低处理复杂度两方面体现了很好的折中,达到了合理的流量分配。
|
| 关 键 词: | 网络处理器 高速入侵检测系统 多线程并行编程 hash算法 |
| 文章编号: | 1000-0054(2005)10-1377-04 |
| 修稿时间: | 2004年10月21 |
Traffic distributor for high-speed network intrusion detection system |
| |
| YU Rong,SUN Zhi,CHEN Jia,MEI Shunliang,DAI Yiqi.Traffic distributor for high-speed network intrusion detection system[J].Journal of Tsinghua University(Science and Technology),2005,45(10):1377-1380. |
| |
| Authors: | YU Rong SUN Zhi CHEN Jia MEI Shunliang DAI Yiqi |
| |
| Institution: | YU Rong~1,SUN Zhi~1,CHEN Jia~2,MEI Shunliang~1,DAI Yiqi~2 |
| |
| Abstract: | Intrusion detection technology is an indispensable way to protect the network security.This paper presents a high-speed intrusion detection system(IDS framework based on network processor and detection cluster.Two hardware algorithms were developed for the traffic distributor.One is the high-speed data-receiving program with the IXP1200 network processor,while the other is the load balance policy based on the destination media access control(MAC address.Tests show that the first algorithm achieves more than(1 Gb/s data-capturing ability,while the second algorithm is a satisfactery trade-off between protecting information integrity and reducing computational complexity. |
| |
| Keywords: | network processor high-speed intrusion detection system multithreaded programming hash algorithm |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
