摘要
提出并实现了一种适用于宽带网的支持SMP的高性能入侵检测通信协议框架-ULNP(userlevelnetworkprotoc01).该框架通过采用旁路内核协议栈的零拷贝技术实现用户级虚拟网络接口,同时针对入侵检测的特点,优化了用户层的通信协议栈,从而有效地降低了入侵检测系统的通信开销.实验结果表明在本文的试验环境下,相对于传统入侵检测通信框架而言,ULNP的报文处理带宽提高了大约2~7倍,CPU空闲率提高大约1~2倍.
The paper presents and implements a high-performance communication protocol architecture supporting SMP for the high bandwidth network intrusion detectionULNP(User Level Network Protocol). In ULNP, a user-level virtual network interface is designed by adopting a zero-copy method that bypasses the traditional kernel protocol stack from OS. In addition, the user-level TCP/IP protocol is optimized according to the characteristic of NIDS. So the communication overhead of NIDS is efficiently reduced. Experimental evaluation illustrates that compared with traditional NIDS, peak throughput of processing packets is increased by about 2-7 times and CPU idle ratio is increased by 1-2 times for the NIDS with ULNP in the high-speed network.
出处
《通信学报》
EI
CSCD
北大核心
2004年第1期100-109,共10页
Journal on Communications
基金
国家"863"计划基金资助项目(2002AA142020)