Research on an Improved Packet Capture Method in High-speed IDS
Abstract: Under heavy network traffic and interrupt batching, the packet loss rate of packet capture rises sharply. Reducing the packet loss rate of packet capture is one of the difficulties in high-speed IDS research. To address this problem, an improved packet capture method is proposed. It integrates Libpcap into the Linux kernel and combines a NAPI-based adaptive polling method with the Linux memory-mapping mechanism, reducing the overhead of interrupts and system calls. Experiments show that when packet lengths are small, the proposed method effectively reduces the packet loss rate and CPU utilization, thereby improving packet capture performance.
Authors: 蒋芃, 李健
Source: Science Technology and Engineering (《科学技术与工程》), 2009, No. 12, pp. 3346-3349, 3374 (5 pages)
Funding: Supported by the Hunan Provincial Key Science and Technology Project (04GK3022)
Keywords: IDS packet capture; adaptive polling; shared memory (memory-mapped)