摘要
网络入侵检测系统的处理速度难以跟上网络的速度,使用多个分析引擎并行处理网络报文可以大幅度提高网络入侵检测系统的性能。考虑到负载均衡的要求,提出了一种并行入侵检测系统的动态自适应负载均衡算法,该算法给每个分析引擎设置了一个数据包接受区间,通过对网络报文的报头信息做哈希运算,把数据包映射到分析引擎的接收区间内;根据分析引擎的处理能力和负载情况调节各个分析引擎接受区间的宽度,从而合理分配每个分析引擎上的网络流量,充分利用所有分析引擎的计算能力。理论分析和实验结果表明,该算法在高带宽环境中有较高的效率。
As the band of computer networks increases,the processing speed of network intrusion detection system hardly keeps up with the speed of networks.By arranging several analysis engines to deal with the traffic in parallel,the intrusion detection system's throughput can be significantly increased.There is an emerging need for parallel intrusion detection techniques that can keep up with the increased network throughput.A novel algorithm of load balancing among parallel IDS(Intrusion Detection System) was proposed to improve detection ability of parallel IDS.The algorithm was adopted to hash the network packet header information in packet,to map the corresponding packet to scope of the analysis engines' number,and to adjust the scope according to the performance and load of each sensor.Theoretic analysis and experimental results demonstrate that the algorithm can dispatch packets reasonably and utilize all the analysis engines' sources effectively.
出处
《盐城工学院学报(自然科学版)》
CAS
2011年第4期39-43,共5页
Journal of Yancheng Institute of Technology:Natural Science Edition
基金
江苏省盐城市科技发展计划项目(YK2009092)
江苏省现代教育技术研究项目(2010R15239)
