
Research on a high-performance intrusion detection communication mechanism supporting SMP (cited by: 4)
Abstract The paper proposes and implements ULNP (User Level Network Protocol), a high-performance intrusion detection communication protocol framework that supports SMP and is suited to high-bandwidth networks. ULNP implements a user-level virtual network interface using a zero-copy technique that bypasses the kernel protocol stack, and it optimizes the user-level TCP/IP protocol stack for the characteristics of network intrusion detection, which effectively reduces the communication overhead of the intrusion detection system. Experimental results show that, in the paper's test environment, compared with a traditional intrusion detection communication framework, ULNP increases packet-processing bandwidth by about 2-7 times and the CPU idle ratio by about 1-2 times.
Source Journal on Communications (《通信学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2004, Issue 1, pp. 100-109 (10 pages)
Funding Supported by the National "863" Program of China (2002AA142020)
Keywords network security; intrusion detection; zero-copy; TCP/IP protocol stack; protocol analysis; SMP

