摘要
为提高网络入侵检测系统(NIDS)在互联网流量和网络攻击数量增长下的性能,进行了在多核处理器上利用并行结构提高NIDS处理能力的研究。首先实现了NIDS在TILERA-GX36众核处理器上的数据并行(RTC)和任务并行(SPL)这两种并行机构方法,实验结果表明众核处理器上丰富的计算资源支持大量并行的NIDS实例,但同时也带来严重的资源竞争和冲突,系统并行化开销大大增加。为此,提出了一种基于共享的RTC方法,即SRTC方法,和已有方法相比,SRTC方法解决了RTC模型内存占用线性增长的问题,同时避免了SPL模型中的线程间通信开销。以开源NIDS软件Snort为基础,在TILERA-GX36众核处理器上对SRTC方法进行了实现和验证,实验结果证明采用SRTC的并行系统获得了类似线性的加速比,当加载超过7000条NIDS真实规则条目时,系统能够处理包长为1K字节的10Gbps的网络流量。
In order to improve the performance of a network intrusion detection systems (NIDS), a study on increasement of the processing capacity of a NIDS on multi-core processors by using the software based on parallel models was conducted. The two parallel designs of run-to-complete (RTC) and software pipeline (SPL) were implemented on the ManyCore processor of TILERA-GX36. For experiment demonstrated that this ManyCore processor' s rich computation resources supported many parallel NIDS examples, but it brought serious resource competion and conflicts, leading to the system' s great increasement of parallel overhead. Thus a Shared-RTC (SRTC) model for parallel NIDS was proposed. Compared with the models of RTC and SPL, the parallel overhead of the proposed SRTC model decreased largely and hence it took the full advantage of the ManyCore processor for the security task. Furthermore, the proposed design leverages particular features of the processor to break the bottlenecks. The proposed design was integrated into the open source NIDS Snort for performance evaluation. The prototype exhibits almost linear speedup and experimental results show that the parallel system can handle up to the 10 Gbps traffic with the packet size of l kbytes, against a ruleset contains about 7K signatures.
出处
《高技术通讯》
CAS
CSCD
北大核心
2014年第9期935-941,共7页
Chinese High Technology Letters
基金
863计划(2013AA013501)
国家自然科学基金(61133015)资助项目
