支持IDS的高速网络信息获取体系结构

doi:10.13190/jbupt.200602.118.zhangzhx

北京邮电大学学报 ›› 2006, Vol. 29 ›› Issue (2): 118-122.doi: 10.13190/jbupt.200602.118.zhangzhx

支持IDS的高速网络信息获取体系结构

张兆心，方滨兴，胡铭曾

哈尔滨工业大学计算机网络与信息安全技术研究中心

出版日期:2006-04-28 发布日期:2006-04-28

An IDS-Supported Architecture of Information Capture for High-Speed Networks

ZHANG Zhao-xin, FANG Bin-xing, HU Ming-zeng

Research Center of Computer Network and Information Security Technology, Harbin Institute of Technology

Online:2006-04-28 Published:2006-04-28

摘要/Abstract

摘要： 提出了一种针对高速网络环境的信息获取体系结构. 可扩展的网络探测模型较好地解决了不同网络带宽的适应性问题；高带宽数据流实时捕获技术、高效的多线程TCP/IP(传输控制协议/互联网络协议)协议栈，以及基于插件的PLUGINs协议还原平台，使信息的捕获与还原问题得到了根本性解决. 综合以上技术所构建的体系结构可以应用于多线路、高速网络环境下，解决检测范围大、数据流量高等问题，保证数据信息的及时性、安全性与准确性.

关键词: 零拷贝, 并行协议栈, 协议还原

Abstract: The architecture of information capture for the high-speed network environment was proposed. The different network bandwidth adaptive problem was well solved by the extensible network detection model. It has been found that real-time data stream capture from high-bandwidth networks, high-performance multi-thread TCP/IP (transmission control protocol/Internet protocol) protocol stack, and protocol analysis platform based on PLUGINs have captured and assembled the information wonderfully. The architecture integrated these technologies effectively will solve the problems such as the large-scale detection, high-speed data stream, ensuring the in-time, security and veracity of the information on multi-road and high-speed networks.

Key words: zero-copy, multi-thread transmission control protocol/Internet protocol stack, protocol analysis

张兆心，方滨兴，胡铭曾. 支持IDS的高速网络信息获取体系结构[J]. 北京邮电大学学报, 2006, 29(2): 118-122.

ZHANG Zhao-xin, FANG Bin-xing, HU Ming-zeng. An IDS-Supported Architecture of Information Capture for High-Speed Networks[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2006, 29(2): 118-122.

参考文献

[1] 杨武, 方滨兴, 云晓春, 等. 一种高性能分布式入侵检测系统的研究与实现
[J]. 北京邮电大学学报, 2004, 27(4): 83-86. Yang Wu, Fang Binxing, Yun Xiaochun, et al. Research and implementation of a high-performance distributed intrusion detection system
[J]. Journal of Beijing University of Posts and Telecommunications, 2004, 27(4): 83-86.
[2] 柴平, 龚向阳, 程时端. 分布式入侵检测技术的研究
[J]. 北京邮电大学学报, 2002, 25(2): 68-73. Chai Pingxuan, Gong Xiangyang, Cheng Shiduan. Research on distributed intrusion detection
[J]. Journal of Beijing University of Posts and Telecommunications, 2002, 25(2): 68-73.
[3] Kurmann A, Rauch F, Stricker T. Speculative defragmentation-leading gigabit Ethernet to True zero-copy communication . Cluster Computing, 2001, 4(1): 7-18.
[4] Rubini A, Corbet J. LINUX device drivers
[M]. Sebastopol: O'Reilly & Associates, 2002.
[5] 胡希明, 毛德操. LINUX内核源代码情景分析
[M]. 杭州: 浙江大学出版社, 2001. Hu Ximing, Mao Decao. Analysis the nuclear code of LINUX
[M]. Hangzhou: Zhejiang University Press, 2001.
[6] Charras C, Lecroq T T. Exact string matching algorithms
[M]. London: King's College London Publications, 2004.
[7] Welsh M, Basu A, Eicken T. Incorporating memory management into user-level network interfaces . NY: Cornell University Ithaca, 1997.
[8] Jacob B, Mudge T. Software-managed address translation //In Proceedings of the 3rd International Symposium on High Performance Computer Architecture. Texas: San Antonio, 1997: 156-157.
[9] Denning P J. Virtual memory
[J]. ACM Computing Surveys (CSUR),1970, 2(3): 153-189.
[10] Bjorkman M, Gunningberg P. Performance modeling of multiprocessor implementations of protocols
[J]. IEEE/ACM Transactions on Networking, 1998, 6(3): 262-273.

支持IDS的高速网络信息获取体系结构

An IDS-Supported Architecture of Information Capture for High-Speed Networks

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 0

编辑推荐

Metrics

本文评价