| Based on the national 973 research project, The Obtaining and Monitoring of High Speed Network Information, in which the author has take an active part, this paper discusses the fundamental theories and techniques of network invasion detecting, the hardware architecture and software development technology of IXP2400 network processor, and its embedded IDS development technology oriented to high speed network. In addition, the paper studies the drawbacks of the existing network invasion detecting system and concludes that the basic reason why the users are not satisfied with them is that it is hard to reduce both the misinformation rate and the rate of failing to report simultaneously. Then, it presents that attack defending system and invasion analyzing system are the two key orientations for the development of invasion detecting system, and also analyzes and explores their corresponding technological requirements.based on the analysis of the working principle of Snort and some of its source codes, it introduces the structure of Snort's rule database, how to generate rule trees and analyzes the processes of information collecting, parsing and rule matchingAfter exploring the existing software and hardware technology, it puts forward an embedded IDS design model based on IXP2400 network processors and describes the design scheme in detail. In particular, it analyzes how to implement and microcode the distributing part. The whole system consists of several high performance IXP2400 network processors, some of which are responsible for datagram diffluence and the others of which detect and analyze invasion. It is oriented to backbone network (with the bandwidth larger than 1 Gbps) environment, has high scalability and has the capability of flexibly adjusting the number of processors to adapt to the realistic requirements.
|
PDF Full Text Request