| 一种支持SMP的高性能入侵检测通信机制研究 |
| |
| 引用本文: | 杨武,方滨兴,云晓春,张宏莉. 一种支持SMP的高性能入侵检测通信机制研究[J]. 通信学报, 2004, 25(1): 100-109 |
| |
| 作者姓名: | 杨武 方滨兴 云晓春 张宏莉 |
| |
| 作者单位: | 1. 哈尔滨工业大学国家计算机内容信息安全重点实验室,黑龙江,哈尔滨,150001
2. 国家计算机网络与信息安全管理中心,北京,100031 |
| |
| 基金项目: | 国家“863”计划基金资助项目(2002AA142020) |
| |
| 摘 要: | 提出并实现了一种适用于宽带网的支持SMP的高性能入侵检测通信协议框架-ULNP(user level network protocol)。该框架通过采用旁路内核协议栈的零拷贝技术实现用户级虚拟网络接口,同时针对入侵检测的特点,优化了用户层的通信协议栈,从而有效地降低了入侵检测系统的通信开销。实验结果表明在本文的试验环境下,相对于传统入侵检测通信框架而言,ULNP的报文处理带宽提高了大约2-7倍,CPU空闲率提高大约1~2倍。
|
| 关 键 词: | 网络安全 入侵检测 零拷贝 TCP/IP协议栈 协议分析 SMP |
| 文章编号: | 1000-436X(2004)01-0100-10 |
| 修稿时间: | 2003-05-28 |
Research on a high-performance intrusion detecition communication- mechanismsupporting SMP |
| |
| YANG Wu,FANG Bin-xing,YUN Xiao-chun,ZHANG Hong-li. Research on a high-performance intrusion detecition communication- mechanismsupporting SMP[J]. Journal on Communications, 2004, 25(1): 100-109 |
| |
| Authors: | YANG Wu FANG Bin-xing YUN Xiao-chun ZHANG Hong-li |
| |
| Affiliation: | YANG Wu1,FANG Bin-xing2,YUN Xiao-chun1,ZHANG Hong-li1 |
| |
| Abstract: | The paper presents and implements a high-performance communication protocol architecture supporting SMP for the high bandwidth network intrusion detectionULNP(User Level Network Protocol). In ULNP, a user-level virtual network interface is designed by adopting a zero-copy method that bypasses the traditional kernel protocol stack from OS. In addition, the user-level TCP/IP protocol is optimized according to the characteristic of NIDS. So the communication overhead of NIDS is efficiently reduced. Experimental evaluation illustrates that compared with traditional NIDS, peak throughput of processing packets is increased by about 2-7 times and CPU idle ratio is increased by 1-2 times for the NIDS with ULNP in the high-speed network. |
| |
| Keywords: | network security intrusion detection zero-copy TCP/IP protocol protocol analysis |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
