期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于多核处理器的入侵防御系统 被引量:2

Intrusion prevention system based on multicore-processor
原文传递
导出
摘要 随着高速以太网的广泛应用和网络入侵行为的日益复杂化,对网络入侵防御系统性能的要求越来越高.通过对传统入侵防御系统工作原理的分析,设计并实现了基于多核处理器的入侵防御系统.通过对系统中的多核处理单元进行分组,并构建共享缓冲队列实现工作组间的数据传递,使得系统在多核处理器环境下能够并行工作.试验结果表明,改进后系统的效率有显著提高,丢包率也明显降低. Requirements for a high-quality Intrusion Prevention System (IPS) are becoming more and more demanding with the wide use of high speed Ethernet and increasing complexity of network intrusion. By the analysis of the working principles in the traditional IPS, a improved IPS based on the multicore processor is designed and implemented. In this system, multicore processing units are divided into groups among which the data can be transmitted by building shared cache queues. In this way, IPS can work parallelized with a multicore processor. The results of our experiments demonstrate that the efficiency is greatly enhanced and that the packet loss ratio decreases.
作者 姚隽兮 梁刚 龚勋 韩忠秋
机构地区 四川大学计算机学院
出处 《四川大学学报(自然科学版)》 CAS CSCD 北大核心 2010年第2期263-268,共6页 Journal of Sichuan University(Natural Science Edition)
基金 国家自然科学基金(60873246 60573130 60502011) 教育部博士点基金(20070610032) 四川大学青年科学基金(校青07001 校青07002)
关键词 多核处理器 入侵防御 网络安全 multicore-processor, intrusion prevention, network security
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献7

二级参考文献27

  • 1梁可心,李涛,刘勇,陈桓.一种基于人工免疫理论的新型入侵检测模型[J].计算机工程与应用,2005,41(2):129-132. 被引量:13
  • 2李涛.基于免疫的网络安全风险检测[J].中国科学(E辑),2005,35(8):798-816. 被引量:40
  • 3李涛.Idid:一种基于免疫的动态入侵检测模型[J].科学通报,2005,50(17):1912-1919. 被引量:26
  • 4Perelson A S, Weisbuch G. Immunology for physicists. Review of Modern Physics, 1997, 69(4): 1219~1263.
  • 5Kim J, Bentley P J. Negative selection: how to generate detectors. In: Timmis J, Bentley P J, eds. The First International Conference on Artificial Immune Systems (ICARIS), Canterbury UK, 2002. Kent: Canterbury Printing Unit, 2002. 89~98.
  • 6Backus J. Can programming be liberated from the Von Neumann Style? A functional style and its algebra of programs. CACM, 1978, 21(8): 613~641.
  • 7Kim J, Bentley P J. Towards an artificial immune system for network intrusion detection: an investigation of dynamic clonal selection. In: the Congress on Evolutionary Computation (CEC- 2002), Honolulu, 2002. Piscataway: IEEE Press, 2002. 1015~1020.
  • 8de Castro L N. Timmis J 1. Artificial immune systems as a novel soft computing paradigm. Soft Computing Journal. 2003. 7(8):526-544.
  • 9Spears W M. De Jong K A. An overview of evolutionary computation. Lecture Notes in Computer Science, 1993, 667:442-4-59.
  • 10de Castro L N, Timmis J 1. Artificial Immune Systems: A New Computational Intelligence Approach. London: Springer-Verlag, 2002.

共引文献29

同被引文献10

  • 1杨宏宇,赵晓玲.应用层并行重组在NIDS中的设计与实现[J].吉林大学学报(理学版),2006,44(4):575-582. 被引量:4
  • 2Ptacek T, Newsham T. Insertion, evasion, and deni- al of service., eluding network intrusion detection [R]//Secure Networks Inc. [s. I. ]:[s. n. ], 1998.
  • 3Dharmapurikar S, Paxson V. Robust TCP stream re- assembly in the presence of adversaries [C] ff Balti- more,America, Proceedings of the 14th USENIX Se- curity Symposium. Baltimore, America: USENIX Symposium, 2005.
  • 4Necker M, Contis D, Schimmel D. TCP-Stream re- assembly and state tracking in hardware [C]//10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM' 02), Calior-nia America : FCCM' 02, 2002.
  • 5Ruan Y, Yang W B, Chen M Y, etal,Robust TCP reassembly with a Hardware-Based solution for back- bone traffic [C] // Proeeedings of the 2010 IEEE Fifth International Conference on Networking, Architec- ture, and Storage, p. 439-447, July 15-17. Maeau China; IEEE, 2010.
  • 6赵晓玲,孙济洲.应用层协议并行重组算法的设计与实现[D].天津:天津大学,2004.
  • 7Varghese G, Fingerhut j, Bonomi F. Detecting eva- sion attacks at high speeds without reassembly[C]// Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for com- puter communications, September 11-15. Pisa, Ita- ly: SIGCOMM, 2006.
  • 8Alfred V. Aho , Margaret j. Coraick, Efficnt string matching: an aid to bibliographic search[J]. Communications of the ACM, 1975, 18(6) : 333.
  • 9Postel J. RFC 793.. transmission control protocol [DB/OL]. September 1981. Available from ftp..// ftp. rfe-editor, org/in-notes/rfc793, txt as of Au- gust, 2003.
  • 10熊兵,陈晓苏,陈宁.A Real-Time TCP Stream Reassembly Mechanism in High-Speed Network[J].Journal of Southwest Jiaotong University(English Edition),2009,17(3):185-191. 被引量:3

引证文献2

二级引证文献2

四川大学学报(自然科学版)
2010年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部