A method for kilomega NIDS parallel processing based on NP and BS

A parallel processing and network processor technology, applied in digital transmission systems, electrical components, transmission systems, etc. It addresses problems such as insufficient high-speed data flow processing capability, reducing the number of lost packets and improving the detection rate.

Inactive Publication Date: 2009-02-11
NANJING UNIV

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to propose a method for parallel processing in a Gigabit NIDS based on NP and BS, aimed at the problem that current network intrusion detection systems are insufficient at processing high-speed data streams. Drawing on the network processor's high-speed processing of network data streams, its stability and its programmability, as well as the parallelism and easy expansion of blade servers, a three-level parallel processing method of processor, processor and thread for high-speed data traffic detection in a Gigabit NIDS is given.

Examples


Embodiment Construction

[0013] Referring to Figure 1 (the solid line represents the data flow, and the dotted line represents the control flow), the network processor receives all the data packets that need to be detected through the mirror port and uses its data packet forwarding module to forward the arriving packets according to a certain data flow division algorithm. This divides the high-speed network data stream into multiple low-speed data streams, which are handed to the back-end detectors for processing, and minimizes the collaborative relationship between the detectors. At the same time, the back-end detectors feed their load status back to the forwarder, and the forwarder dynamically adjusts the traffic division according to the feedback obtained, so as to keep the load of each detector as balanced as possible.

[0014] In the entire process shown in Figure 1, step 1 is the initial action. Step 2: The data flow division method of the network processor is to divide the data packets...
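The forwarder step in [0013], as an added sketch that is not code from the patent. The page does not give the division algorithm, so a CRC32 hash of a direction-independent flow key into buckets is assumed, as are the names `Forwarder`, `bucket_of`, `N_BUCKETS` and the rule of moving one bucket per feedback round.

```python
import zlib
from collections import Counter

N_BUCKETS = 64  # assumed bucket count; the page does not specify one

def bucket_of(pkt):
    """Hash a direction-independent flow key so both halves of a
    connection reach the same detector (no cross-detector state)."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    key = f"{ends[0]}|{ends[1]}|{pkt['proto']}".encode()
    return zlib.crc32(key) % N_BUCKETS

class Forwarder:
    def __init__(self, detector_macs):
        self.macs = list(detector_macs)
        # bucket -> detector index, spread round-robin at start
        self.table = [b % len(self.macs) for b in range(N_BUCKETS)]
        self.seen = Counter()  # packets per bucket since last feedback

    def dispatch(self, pkt):
        """Return a copy of pkt with its destination MAC rewritten to the
        chosen detector's MAC, as the abstract describes."""
        b = bucket_of(pkt)
        self.seen[b] += 1
        return dict(pkt, dst_mac=self.macs[self.table[b]])

    def feedback(self, loads):
        """loads[i] is detector i's reported load. Move the busiest bucket
        of the most loaded detector to the least loaded one. Flows already
        open in that bucket change detector mid-stream, so the new detector
        lacks their earlier state; moving one bucket per round limits that."""
        hot = max(range(len(loads)), key=loads.__getitem__)
        cold = min(range(len(loads)), key=loads.__getitem__)
        owned = [b for b in range(N_BUCKETS) if self.table[b] == hot]
        if hot == cold or len(owned) <= 1:
            return None
        moved = max(owned, key=lambda b: self.seen[b])
        self.table[moved] = cold
        self.seen.clear()
        return moved

if __name__ == "__main__":
    # Constructed sample packets (documentation addresses, made-up MACs).
    fwd = Forwarder(["02:00:00:00:00:01", "02:00:00:00:00:02"])
    req = {"src": "198.51.100.7", "sport": 40000, "dst": "192.0.2.9", "dport": 80, "proto": 6}
    rsp = {"src": "192.0.2.9", "sport": 80, "dst": "198.51.100.7", "dport": 40000, "proto": 6}
    print(fwd.dispatch(req)["dst_mac"], fwd.dispatch(rsp)["dst_mac"])
    print("moved bucket:", fwd.feedback([90, 10]))
```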


Abstract

The gigabit-level NIDS parallel processing method based on NP and BS comprises: receiving all data packets from the target network by a forwarder; dividing the high-speed network data flow into multiple low-speed data flows and determining the target detector; changing the destination MAC of each data packet to the detector's MAC and sending it to the detector through a switching board; with two complementary threads, acquiring data, analyzing protocols and matching features; and forming a detection result on the console. This invention improves the processing capacity of the whole system and reduces the packet loss rate.

Description

Technical field

[0001] The present invention relates to a method for gigabit NIDS parallel processing based on NP (network processor) and BS (blade server), that is, a method based on a network processor and blade servers for parallel processing of packets, used to solve the detection-speed bottleneck on high-speed backbone networks. The invention belongs to the technical field of detection in network security products.

Background technique

[0002] An Intrusion Detection System (IDS) is a software or hardware system that automatically monitors events occurring on a computer or network and analyzes them for signs of a security compromise. According to the source of the analysis data, IDS can be divided into network-based intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). Among them, NIDS is widely applied because it is easy to deploy and does not occupy host resources. NIDS takes all the...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/56, H04L12/26, H04L12/803, H04L12/861
Inventor: 黄皓, 赖海光, 黄松华
Owner: NANJING UNIV