Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for improving IPS detection performance by adopting AMP architecture

A performance and data packet technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve the problems of powerless detection performance, insufficient flexibility and scalability, and inability to support functions, so as to reduce the number of data copies and improve processing Efficiency, the effect of reducing system calls

Inactive Publication Date: 2010-07-14
BEIJING TOPSEC TECH
View PDF0 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In recent years, the network processor (NP) has been widely used in the Gigabit environment, but the advantage of NP is mainly in the packet processing below the network layer, if the content processing will lead to performance degradation, the ASIC architecture IPS It uses specially designed ASIC chip logic for hardware acceleration processing, and obtains high processing capabilities by solidifying instructions or calculation logic into the chip, thereby significantly improving the performance of IPS products; but the ASIC-based IPS The disadvantages are also obvious: insufficient flexibility and scalability, high development costs, long development cycle, and cannot support too many functions
[0005] Although the above hardware acceleration implementation methods have improved the processing performance of network data packets below the network layer to a certain extent, they are powerless to improve the detection performance of IPS.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for improving IPS detection performance by adopting AMP architecture
  • Method for improving IPS detection performance by adopting AMP architecture
  • Method for improving IPS detection performance by adopting AMP architecture

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] Below, refer to the attached Figure 1~2 The method for improving the detection performance of the IPS by using the AMP framework of the present invention is described in detail.

[0021] The core idea of ​​the present invention is: to develop a multi-core based IPS system, the system adopts AMP architecture, so that the network processing of data packets and IPS detection are performed asynchronously, and the multiple processors inside the IPS detection process and network processing Parallel execution, so that multiple IPS detection processes are executed in parallel at any time, thus fundamentally solving the performance bottleneck of the IPS system.

[0022] For multi-core processors, the CPU set (processor set) can be divided into a LinuxCPU set and an NP (network processor) set according to specific needs. The Linux CPU set is scheduled to execute the Linux operating system, and the IPS detection process is run on it; the NP set It is scheduled to execute the net...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method for improving IPS detection performance by adopting AMP architecture, which comprises the following steps: step A, a hardware layer receives network data packets, and the data packets are transferred to a network processor (NP) through a hardware shunting mechanism; step B, after the NP receives the data packets, network flow processing (comprising recombination of IP fragments, decoding and exchanging of the data packets and establishment and maintenance of connection) is carried out on the data packets, and the processed data packets are packed into IPS queues, wherein each IPS detection process corresponds to an IPS queue; step C, each IPS process waits for data on the IPS queue thereof, when the data exists on the IPS queue, feature detection is carried out on the data packets, and the detected data packets are injected into a network processing layer; and step D, the NP acquires the data packets which are transferred from each IPS process and are processed by IPS detection, and the subsequent processing is carried out according to detection results. The invention can improve IPS performance on a multi-core processor platform by utilizing the parallel processing technique.

Description

technical field [0001] The invention relates to the technical field of network security and networking, in particular to a method for improving IPS detection performance by adopting an AMP framework. Background technique [0002] Intrusion Prevention System (IPS), as a security product that is connected in series in the network and provides deep attack defense for the protected network, has been more and more widely used. However, with the advancement of network technology and the in-depth development of network applications in various industries, the performance of intrusion prevention systems is becoming more and more important in the detection process. Only when the performance of intrusion prevention detection is guaranteed, efficient analysis algorithms , a complete rule set, etc. may be useful. [0003] In view of the complexity of IPS features and the characteristics of real-time updates, IPS detection and feature filtering are generally implemented by software, but ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/26H04L12/56H04L29/06H04L12/811
Inventor 张宏君
Owner BEIJING TOPSEC TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com