Abstract
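This paper proposes an intrusion detection system architecture for high-speed network environments. By combining raw-signal coupling techniques (packet capture and stream reassembly), aggregation and load-balancing techniques, and an efficient data stream engine, it effectively solves the processing-performance problem of network security analysis on multi-line, high-bandwidth backbone links. The architecture is cleanly layered, highly scalable and adaptable, and can accommodate complex network environments and a variety of interface types, from low-speed access networks to high-speed backbone networks (multiple links at OC48 and above). When configured with 16 data stream buses, it can process network data from eight OC48 interfaces at line speed.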
An architecture for intrusion detection in high-speed network environments is put forward. The architecture effectively solves the performance problems of network security analysis in multi-line, large-bandwidth backbone networks by integrating raw signal capture (i.e., packet capture and stream reassembly), aggregation and balancing, and an efficient data stream engine. The architecture has a clear hierarchy, high scalability and flexibility, and it can fit complex network environments and many types of interfaces, from low-speed access networks to high-speed backbone networks (i.e., multiple OC48c lines). An ID system based on this architecture can achieve line-speed performance in a network environment of eight OC48c lines when sixteen data streams are configured, which exceeds the best formally claimed performance report of current ID systems.
Source
《计算机研究与发展》
EI
CSCD
PKU Core Journal
2004, Issue 9, pp. 1481-1487 (7 pages)
Journal of Computer Research and Development
Funding
National High-Tech Research and Development Program of China ("863" Program) (2002AA147020)