入侵检测系统中用户级报文传输机制研究

User-Level Message Messaging Mechanism for Intrusion Detection System

下载PDF

导出

摘要在分析了骨干网入侵检测系统性能瓶颈的基础上 ,提出并实现了一种面向入侵检测系统的用户级报文传输机制———ULMM (User LevelMessagingMechanism )。该通讯机制采用零拷贝技术 ,能够将传统TCP/IP协议栈从操作系统中旁路掉 ,利用异步DMA的方式实现用户层报文传输 ,从而有效地降低了入侵检测系统的通讯开销。试验证实 ,采用该通讯机制。 A user level messaging mechanism (ULMM) for Intrusion Detection System (IDS) is proposed and implemented on the basis of analysis over performance bottleneck of IDS in a backbone network. In ULMM, a zero copy method is adopted and the traditional TCP/IP protocol stack is bypassed from OS by passing message to/from user buffer with the aid of asynchronous DMA, so the communication overhead of IDS is efficiently reduced. Experimental evaluation illustrates that a very high speed of processing message and a very low ratio of CPU utilization are attained for an IDS with ULMM in a large scale network.

作者杨武方滨兴云晓春张宏莉胡铭曾

机构地区哈尔滨工业大学国家计算机内容信息安全重点实验室国家计算机网络与信息安全管理中心

出处《高技术通讯》 EI CAS CSCD 2003年第10期9-14,共6页 Chinese High Technology Letters

基金 86 3计划 (2 0 0 2AA14 2 0 2 0 2 0 0 1AA14 70 10B)资助项目

关键词入侵检测系统网络安全 TCP/IP协议报文传输机制零拷贝技术 Intrusion detection, Network security, Zero copy, Asynchronous DMA

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献8

1Axelsson S. Intrusion detection systems: a survey and taxonomy. Technical Report 99-15, Dept. of Computer Engineering, Chalmers University, Mar. 2000.
2Allen J, Christie A, Fithen W. State of the practice of intrusion detection technologies. Technical Report CMU/SEI-99-TR-028, ESC-99-028, Software Engineering Institute, Carnegie Mellon University, Jan. 2000.
3Dittia Z D, PanAkar G M, Cox Jr J R. The APIC approach to high performance network interface design-protected DMA and other techniques. In: Proceedings of IEEE Infocom, 1997.
4Pakin A C S, Karamcheti M. IEEE Concurrency, 1997,5(2): 60.
5Blumrich M A, et al. Virtual memory mapped network interface for the SHRIMP mtdtieomputer. In: Proceedings of the 21st Annual International Symposium on Computer Architecture, 1994. 142.
6Von Eicken Y, et al. Operating Systems Review, 1995,29(5) :40.
7Buzzard G, et al. An implementation of the Hamlyn sendermanaged interface architecture. In: Proceedings of the 2nd USENIX Symposium on Operating Systems Design and Implementation, Oct. 1996. 245.
8Welsh M, Basu A, Von Eicken T. Incorporating memory management into user-level network interfaces. In: Hot Interconnects V, Aug. 1997.

1田志宏,方滨兴,云晓春.RTLinux下基于半轮询驱动的用户级报文传输机制[J].软件学报,2004,15(6):834-841. 被引量：15
2唐懿芳,钟达夫.基于数据冗余的BDS长报文传输机制改进算法[J].指挥控制与仿真,2016,38(1):61-65. 被引量：4
3于彤,马社祥,刘铁根.基于多尺度边缘结构相似性的图像质量评价[J].光电子．激光,2009,20(6):843-846. 被引量：8
4王佰玲,方滨兴,云晓春.零拷贝报文捕获平台的研究与实现[J].计算机学报,2005,28(1):46-52. 被引量：67
5郑白玫,施鹏飞.大型分布式虚拟环境中的消息传递机制的关键问题[J].计算机科学,1999,26(6):45-47.
6曹春生,张卫东.Study of Asymmetric Polling System with Two Message Classes[J].Journal of Beijing Institute of Technology,2007,16(2):182-186.
7李海峰,杨小虎.基于RPC风格与Message风格SOAP消息的Web服务性能比较[J].计算机应用与软件,2007,24(1):79-80. 被引量：2
8LX.MSN7.0不能传EXE文件了?[J].电脑爱好者,2005(11):57-57.
9周二辉,邵晨曦,范金锋,冯海林.虚拟制造企业的Petri网建模／仿真[J].计算机辅助工程,2006,15(2):27-30.
10潘加宇.Together的替代者[J].程序员,2009(10):19-19.

高技术通讯

2003年第10期

浏览历史

内容加载中请稍等...

入侵检测系统中用户级报文传输机制研究

参考文献8

相关作者

相关机构

相关主题

浏览历史