| Information security is a much more important factor in network system design today than before. In network security field, intrusion detection has been an important research point. On the other hand, it also faces many challenges. One of these challenges is that the detecting speed can not match the network's requirements. Most of the intrusion detection systems could not handle the processing with the maximal data load in 100Mbps-level networks, not to mention 1000Mbps networks. These systems could not meet the requirements of facility and scalability either. Network Processor is an efficient resolve method to these problems.IXP2400 is a new generation network processor of Intel Corporation and it has higher performance and better scalability. This thesis designed and implemented a new IDS based on IXP2400. The system utilized high performance of internal hardware and adopted a signature matching algorithm which has high efficiency. So the whole system's performance can meet the requirement of high speed network environment.The main work I did comprise deeply researching of IXP2XXX processors'architecture, studing and thinking of the intrusion detection system's requirements, giving out a designment of the"receiving-classification based on protocol-detection"system, implementation of the modules included in this system and completion the performance analysis in a simulation environment. In the process of designing and implementing, I resolved some problems such as what to do in parsing module, which algorithm to adopt in matching module, how to pass the data between different modules, how to order the threads, how to record the checking results and so on. At last, I summarized the weakness of the implementation and pointed out what to do for future improvements. |
PDF Full Text Request