| With the network technologies developed rapidly and kernel switch technologies improved unceasingly, the local area thousand trillion network has become a popular method. As one of important mechanisms to guarantee the network security, intrusion detection system is unavoidably faced with the challenge of high-speed network. The most part of current intrusion detection products are realized by software. As the current intrusion detection systems almost take the mode matching method to detect attack acts, the computer load of intrusion detection system increases by exponential when network flow growing. At the same time, the computer capability of current processor can not deal with the high-speed network flow, which effects the performance of intrusion detection system seriously.In order to improve the performance of intrusion detection system in high-speed network, the paper takes the network processor, developed for forwarding network packages specially, as the hardware structure. Firstly, the paper explores the new hardware structure and the algorithms based on it. Then, according as the network processor has multiple CPU, the paper comes up with the dynamic load balancing mechanism. By improving the Zomaya algorithm based on genetic algorithm, the paper proposes a new load balancing algorithm to realize the intellective load balancing, which divides the data flows by the load balancing algorithm to processors before the real-time detection. In the end of paper, there is an emulation comparative experiment between the improved algorithm and the zomaya algorithm, which takes OPNET as the network simulation palform.The results of experiment show that the improved algorithm can increase the average usage of processors 7.1 percent, 12.5 percent, 12.8 percent when the speed of network flow distinguishly is 5000 packages per second, 7500 packages per second, 10000 packages per second and decrease the completion time of the whole tasks, which improves the performance of intrusion detection system.
|
PDF Full Text Request