Method for improving IPS detection performance by adopting AMP architecture

A performance and data packet technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve the problems of powerless detection performance, insufficient flexibility and scalability, and inability to support functions, so as to reduce the number of data copies and improve processing Efficiency, the effect of reducing system calls
CN101778012AInactive Publication Date: 2010-07-14BEIJING TOPSEC TECH
0 Cites 5 Cited by

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
BEIJING TOPSEC TECH
Publication Date
2010-07-14
Estimated Expiration
Not applicable · inactive patent

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention provides a method for improving IPS detection performance by adopting AMP architecture, which comprises the following steps: step A, a hardware layer receives network data packets, and the data packets are transferred to a network processor (NP) through a hardware shunting mechanism; step B, after the NP receives the data packets, network flow processing (comprising recombination of IP fragments, decoding and exchanging of the data packets and establishment and maintenance of connection) is carried out on the data packets, and the processed data packets are packed into IPS queues, wherein each IPS detection process corresponds to an IPS queue; step C, each IPS process waits for data on the IPS queue thereof, when the data exists on the IPS queue, feature detection is carried out on the data packets, and the detected data packets are injected into a network processing layer; and step D, the NP acquires the data packets which are transferred from each IPS process and are processed by IPS detection, and the subsequent processing is carried out according to detection results. The invention can improve IPS performance on a multi-core processor platform by utilizing the parallel processing technique.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the technical field of network security and networking, in particular to a method for improving IPS detection performance by adopting an AMP framework. Background technique

[0002] Intrusion Prevention System (IPS), as a security product that is connected in series in the network and provides deep attack defense for the protected network, has been more and more widely used. However, with the advancement of network technology and the in-depth development of network applications in various industries, the performance of intrusion prevention systems is becoming more and more important in the detection process. Only when the performance of intrusion prevention detection is guaranteed, efficient analysis algorithms , a complete rule set, etc. may be useful.

[0003] In view of the complexity of IPS features and the characteristics of real-time updates, IPS detection and feature filtering are generally implemented by software, but ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More