Zero-copy And Scan Detection Techniques In Intrusion Detection System

Posted on: 2008-03-18
Degree: Master
Type: Thesis
Country: China
Candidate: J Yang
GTID: 2208360245479499
Subject: Computer applications
Abstract/Summary:

In implementing network security, the intrusion detection system (IDS) is a reasonable complement to the firewall and has recently gained favor. It helps systems cope with network attacks, extends the system administrator's security management capabilities (including security auditing, monitoring, attack recognition and response), and improves the integrity of the information security infrastructure. It collects information from a number of key points in the computer network system and analyzes that information to determine whether the network shows behavior that violates the security policy or signs of an attack. The intrusion detection system is regarded as the second security gate after the firewall: it can monitor the network without affecting network performance, and so provides real-time protection against internal attacks, external attacks and misoperation.

However, a series of problems in this field remain unsolved: how to transfer I/O data directly between peripheral devices and main memory, how to reduce the number of copies made while a data packet travels from the network device to user program space, how to raise packet capture efficiency by enhancing the UDP scanning module, and so on.

Starting from the goal of improving the performance of existing network intrusion detection systems, this thesis proposes a network intrusion detection model that combines zero-copy with improved scan detection techniques. The main work consists of the following three points:

· A summary of the main problems of current network intrusion detection systems, and of how the techniques and methods researchers use to solve these problems have developed. This review gives a basic picture of the present state of NIDS.

· The design and implementation of zero-copy technology. Zero-copy lets network data travel from the network device to user program space without the participation of the CPU. At the same time, by establishing a buffer in user space and mapping it into kernel space, it reduces memory copies from the kernel to user space and also reduces system call overhead.

· In view of the low packet capture rate of current mainstream UDP scanning modules, the thesis proposes further improvements to the UDP scanning module. By changing the data structure, and by counting the ICMP port unreachable packets from the responding side in the data stream, the packet capture rate can be greatly improved.
Keywords/Search Tags: Intrusion Detection, zero-copy, scanning module