入侵检测系统中应用层协议的并行重组

Parallel Reassembling of Application Layer Protocol in IDS

针对传统入侵检测系统的不足之处,将并行算法引入到应用层报文重组过程,提出了应用层协议自适应并行重组的设计思想。提出了报文并行重组的算法思想、体系结构和实现环境。系统由探测器、任务分配器、重组结点和控制台组成。并行重组过程主要包括Master和Slave两部分,Master程序运行在任务分配器上,负责任务的分配和调度,Slave程序运行在各个重组结点上,完成对链表中报文的重组。试验结果证明了该重组并行方法具有较高的效率和较低的丢包率。

This paper introduces parallel computing into reassembling process, and presents the parallel reassembling algorithm in application layer aiming at the weakness of traditional IDS. The system consists of task distributor, reassembling nodes and console. The reassembling process includes two parts, master and slave. The master program on task distributor implements task allocation and scheduling, the slave program on each reassembling node completes packet reassembling with linked list. The experimental result shows that this parallel reassembling method has high efficiency and low packet dropping rate.