| 高速网络环境下入侵检测系统结构研究 |
| |
| 引用本文: | 陈训逊,方滨兴,李蕾.高速网络环境下入侵检测系统结构研究[J].计算机研究与发展,2004,41(9):1481-1487. |
| |
| 作者姓名: | 陈训逊 方滨兴 李蕾 |
| |
| 作者单位: | 哈尔滨工业大学计算机学院网络安全实验室,哈尔滨,150001 |
| |
| 基金项目: | 国家“八六三”高技术研究发展计划基金项目 (2 0 0 2AA14 70 2 0 ) |
| |
| 摘 要: | 提出了一种高速网络环境下的入侵检测系统体系结构,通过综合原始信号的耦合技术(捕包技术和流重组技术)、汇聚均衡技术以及高效的数据流引擎,有效地解决了在多线路、大带宽骨干网线路上进行网络安全分析的处理性能问题.并且该体系结构具有很好的层次,具有高可伸缩性和适应性,可以适应从低速接入网到高速骨干网(oc48以上多链路)的复杂网络环境和各种不同的接口形式.当配置16个数据流总线时,能以线速处理八路OC48接口的网络数据,突破了公开报导的同类系统的最好水平.
|
| 关 键 词: | 入侵检测系统 高速网络环境 信号耦合 汇聚分流 散列 数据流总线 探针 |
Architecture of Intrusion Detection for High-Speed Networks |
| |
| CHEN Xun Xun,FANG Bin Xing,and LI lei.Architecture of Intrusion Detection for High-Speed Networks[J].Journal of Computer Research and Development,2004,41(9):1481-1487. |
| |
| Authors: | CHEN Xun Xun FANG Bin Xing and LI lei |
| |
| Abstract: | The architecture of intrusion detection for high speed networks environment is put forward The architecture effectively solves the performance problems of network security analysis in multi line and large bandwidth backbone networks by integrating raw signal capture (i e packets capture and stream reassemble), aggression and balance, and efficient data stream engine The architecture has clear hierarchy, high scalability and flexibility and it can fit complex network environment and many types of interfaces from low speed access networks to high speed backbone networks (i e multi OC48c lines) The ID system based on such architecture can achieve line speed performance in eight OC48c lines network environment when sixteen data streams are configured, which exceeds the best formally claimed performance report of nowadays ID systems |
| |
| Keywords: | IDS high-speed networks signal coupling aggressive-balancing hash data stream sensor |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
