一种高速网络下IDS溢出数据包的处理模型

An analyzing model of overflowed datagram for high-speed networks

对匹配规则和被检数据包,都分为实时在线检测部分和延时离线补检部分,来选择性地溢出一些不重要的包和规则,避免随机丢包。同时把这些溢出的包保存下来,待系统有多余处理能力时,再调出来检测。这样既避免了随机丢包造成的安全隐患,又在没有增加硬件的情况下,提升了系统的检测性能。

The matching rules and the analyzed datagram are both divided into the online detected part and the offline one. Some less important data can be selected to overflow deliberately in order to avoid the overflow of the important data at random. Simultaneously the overflowed data is stored in a file to be analyzed later. By this means not only the sneak pasted intrusive data is reduced but also the analyzing capability of the system is enhanced without upgrading the hardware.