
Gigabit Network Intrusion Prevention System (GNIPS) Control Plane Subsystem and Implementation

Posted on: 2010-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: X Ceng
GTID: 2208360275483075
Subject: Software engineering
Abstract/Summary:
With the rapid development of computer networks and the growing use of information technology in society, networks are making our lives more and more convenient, but they also confront us with more and more network security challenges. The intrusion prevention system (IPS) is a recent information security technology that addresses the shortcomings of the firewall and the intrusion detection system (IDS). An IPS combines the advantages of the firewall and the IDS and gives the protected network an active, real-time intrusion response capability. As network bandwidth has widely broadened to 1000M, the research and application of the gigabit network intrusion prevention system (GNIPS) has become a hotspot in the information security field.
This thesis analyzes the advantages and disadvantages of network security mechanisms such as the firewall and the IDS, and introduces in detail the principles, classification, features, access control mechanism, detection technology and performance bottleneck of the IPS. It then addresses the challenges that network security faces in a gigabit network environment. On the basis of an in-depth analysis of the relevant IPS theory, this paper introduces an efficient, high-performance gigabit network intrusion prevention system (GNIPS) solution and analyzes its principle, workflow and key technologies. The GNIPS integrates protocol analysis, pattern matching and multi-detection technology on a special hardware platform, which can reduce the IPS's rate of false alarms and omissions and provide in-depth defense against network intrusion. The dynamic defense mechanism this paper presents can improve the initiative and real-time ability of intrusion response, so as to enhance overall security.
GNIPS uses the OCTEON CN3860 multi-core platform as its hardware solution. This paper examines the existing multi-core software models, such as AMP, SMP and BMP, analyzes the advantages and disadvantages of each, and ultimately selects the BMP model for the implementation. It then introduces the design of the system software architecture, which follows a pipeline and parallel processing mode. The software architecture performs multi-level traffic splitting and parallel processing on the network data stream, which more fully exploits the capability of the multi-core platform to raise system performance and meet the needs of gigabit network security.
Network management is a basic function that all network equipment must provide. The GNIPS probe described here is a piece of network equipment; its control plane is responsible for providing a secure management interface and for the secure exchange of alarm and log data with the external environment. This thesis discusses the popular SNMP, Web and NETCONF management models, then presents the design of our own solution and describes the implementation of the control plane in an embedded Linux environment, including the design of the control-plane software system and the construction and implementation of its sub-modules. Finally, we test the functions of the control-plane subsystem in a simulated gigabit network environment. The results show that the control-plane implementation meets the desired functional requirements.
Keywords/Search Tags: GNIPS, OCTEON CN3860 multi-core processors, multi-core software architecture, control-plane