摘要
高速入侵检测是当前网络安全领域研究的热点问题之一,而高速分流设计是高速入侵检测的一个关键技术。基于网桥的高速动态分流设计利用Linux网桥的防火墙架构,按照动态负载均衡的分流算法在数据链路层对网络数据包重新封装,再路由到各个探测器中,该方法针对入侵检测的分流特点,能够转发所有网络层数据,且成本低、易控制、扩展能力强。实验分析表明该方法在高速网中具有动态负载均衡的效果。
At present intrusion detection system has reached its limits in high-speed network. High speeds packet filter technique is the main point. This paper proposes high-speed dynamic data-distribution architecture. The high-speed dynamic data-distribution based on bridge takes advantage of Linux Ethernet bridging firewall framework, which captures IP packets and resets its destination Mac-Address so as to redirect packets to packet filter node. The technique can redistribute all packets in network layer in low-cost, manageable and easy expansion. Experiment proves that this data-distribution technique is effective and feasible.
出处
《计算机工程》
EI
CAS
CSCD
北大核心
2006年第15期132-134,共3页
Computer Engineering
基金
国家"863"计划基金资助项目(2003AA142060)
西安市工业科技攻关基金资助项目(GG04017)
关键词
高速入侵检测
动态负载均衡
网桥
防火墙
High-speed intrusion detection
Dynamic-load balancing
Bridges
Firewall
