The Research And Design Of The Network Intrusion Detection System Based On Octeon Multi-core Processing

Posted on: 2011-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: J P Li
Full Text: PDF
GTID: 2178360305976424
Subject: Computer application technology
Abstract/Summary:
Because current networks are fast and carry heavy traffic, the rule libraries used for intrusion detection have grown large; at the same time, raising the clock frequency of a single CPU has hit a bottleneck and processing capability improves only slowly. Traditional network intrusion detection systems are therefore greatly challenged. To address these problems, this thesis proposes a network intrusion detection scheme based on the Octeon multi-core processor. The system makes full use of the multi-core advantage. By using software-controlled hardware acceleration techniques for network data processing, introducing multi-threaded programming into the engine and analyzer, and matching different rule entries in parallel on multiple cores, the thesis overcomes the defects of current mainstream NIDS executed on a single CPU. Octeon-NIDS, the multi-core system studied, designed and implemented in this thesis, is of great significance to network security defense in today's high-speed network environment.

First, the thesis analyzes mainstream network intrusion detection systems and the main high-end network products based on multi-core processors, and points out the urgent problems facing intrusion detection in high-speed network environments. It analyzes the techniques of Octeon multi-core processing, including Octeon's hardware and software architecture, Octeon packet flow processing and the cross-development tools. It proposes a general design scheme for the Octeon-NIDS system, which adopts a HOST + InfiniWay board architecture and a modified pipelined packet processing model, running in SMP Linux mode.

The thesis describes the design and implementation of the general control and CLI module, the data source module, the detection engine module, and the alert and log module of the Octeon-NIDS system. It achieves concurrent execution of the main intrusion detection processing by using POSIX multi-threaded programming. It discusses in depth several key techniques in the system's development, such as the hardware acceleration technique of the Octeon network multi-core processor, the AC_NFA multi-pattern matching algorithm, the zero-copy technique in the Linux kernel, the packet flow processing technique, and Lua scripting in the CLI interface. Finally, the thesis builds a cross-compiling platform and ports the system to the InfiniWay board. It simulates a high-speed network environment with an Ixia load tester, tests the system, presents the related data and analysis results, and verifies the system.
Keywords/Search Tags: NIDS, Octeon, cross-compiling, detect engine, parallel processing, multi-core