摘要
并行网络入侵检测系统架构的提出很大程度上缓解了当前硬件处理能力不足和网络流量激增之间的矛盾,其充分发挥作用的关键在于如何高效稳定地将流量均匀地分配到各个检测引擎上.本文在深入分析负载均衡算法的各个实现要素基础上,基于经典时间序列模型ARMA对网络流量进行了预测,按照周期性预测负载信息的策略,设计实现了ABLB算法,在降低各个检测引擎反馈负担的同时其负载均衡能力、攻击证据保持、高效性和健壮性也得到了保证,在算法分析和实验中进行了讨论和验证.
The proposal of parallel intrusion detection system architecture have largely alleviated the contradiction between the shortage of hardware process capabilities and the increase in network traffic. While the key point is how to split the traffic to each detection engine efficiently and steadily. This paper fist had a deep analysis of the load-balancing algorithm and predicted the network traffic based on the classical time series model, ARMA, then designed and implemented the ABLB algorithm with the strat- egy of periodic load forecast information. The algorithm not only could reduce the feedback burden for each detection engine but the load balancing capabilities, maintenance of attacking evidence, high efficiency and robustness were guaranteed also. They have been discussed and verified in algorithm analysis and experiment sections.
出处
《四川大学学报(自然科学版)》
CAS
CSCD
北大核心
2011年第1期80-86,共7页
Journal of Sichuan University(Natural Science Edition)
基金
国家自然科学基金(60873246)
教育部创新工程重大项目培育资金(708075)
国家教育部博士点基金(20070610032)
