| 面向入侵检测的网络处理器设计 |
| |
| 引用本文: | 魏利华,丁辉,宣军英,刘小晶. 面向入侵检测的网络处理器设计[J]. 计算机工程, 2008, 34(20): 154-155 |
| |
| 作者姓名: | 魏利华 丁辉 宣军英 刘小晶 |
| |
| 作者单位: | 嘉兴学院信息工程学院,嘉兴,314001;南京理工大学计算机科学与技术学院,南京,210094;南京理工大学计算机科学与技术学院,南京,210094 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 网络速度快速提升、网络协议日新月异、攻击种类层出不穷,传统的基于软件的IDS检测速度已不胜任千兆以上网络。该文引入网络处理器技术,以硬件代替软件实现关键算法,解决了入侵检测中的速度瓶颈问题。设计了一个面向入侵检测的高速网络处理器原型,仿真实验表明其检测速度为原系统的107.36倍。
|
| 关 键 词: | 入侵检测 网络处理器 模式匹配 硬件实现 |
| 修稿时间: | |
Design of Network Processor for Intrusion-detection |
| |
| WEI Li-hua,DING Hui,XUAN Jun-ying,LIU Xiao-jing. Design of Network Processor for Intrusion-detection[J]. Computer Engineering, 2008, 34(20): 154-155 |
| |
| Authors: | WEI Li-hua DING Hui XUAN Jun-ying LIU Xiao-jing |
| |
| Affiliation: | (1. School of Information Engineering, Jiaxing University, Jiaxing 314001; 2. School of Computer Science & Technology, Nanjing University of Science and Technology, Nanjing 210094) |
| |
| Abstract: | Due to the fast increasing wire-speed of the network and the various new network protocols as well as the emerging of diversified attacks, an Intrusion Detection System(IDS) has to check more and more packages getting through the Internet. The former IDS based on software, being too slow to capture all the passing packages, are not valid in such high-speed network as Gb/s any longer. In order to solve the speed bottleneck problem for an IDS, a new network processor technique is introduced to achieve a high-speed IDS prototype by using hardware instead of software. The simulation study shows that the packets-checking speed of the newly constructed IDS is 107.36 times as that of the former IDS. |
| |
| Keywords: | intrusion detection network processor pattern matching hardware implementation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
|
