Efficient Intrusion Detection Technology Based On Multi-core Processors And Implementation,

The rapid development of information technology also brought a more serious problem of network security.Traditional network security technologies such as firewalls, intrusion detection systems exist significant deficiencies: on the one hand, to prevent more and more frequent "instantaneous attack" (one session to achieve the effect of the attack) could do nothing about it; On the other hand, these technologies in real-time block the invasion of attacks there are obvious deficiencies. Hence the urgent need for new techniques and tools to ensure network security, especially gigabit network defense systems have been high hopes, will become the mainstream of network security technologies.Gigabit network intrusion defense system is composed of three parts: the data packet processing, intrusion detection and intrusion prevention. The protocol data packets analysis, restructuring are the main functions of packet processing. In this paper, the main work of the author focuses on the part of intrusion detection in GNIPS. The author analyses many mechanism of security defense, studies the feature, implement- ation principles, working methods and key technologies of Gigabit network intrusion prevention system. And through these studies, the author gives a highly efficient intrusion prevention system solutions based on load balancing. Mainly covering the following aspects:1. A detailed introduction of the Gigabit network intrusion defense system of the overall program, including hardware selection, the main software architecture, intrusion detection module design and performance considerations. Possible network intrusion defense system improves performance, enhance its adaptability.2. For network bandwidth to increase network intrusion detection system performance requirements, Proposed methods make use of dedicated multi-core processors for intrusion detection, and give the appropriate load balancing strategy, detection engine using snort, multi-platform implementation and improvement of transplant.3. A detailed introduction of the intrusion detection module architecture, including the detection engine data flow diagram, a single detection engine to improve the organizational structure of the rules, pattern-matching algorithm in different network environment to improve adaptability.4. To build a test environment, the preparation of the test procedures discussed in this paper Gigabit network intrusion defense system load balancing subsystem functional testing and performance testing, and conducted performance analysis.Test results show that the discussion Gigabit network intrusion defense system in packet processing subsystem functionality and performance are able to achieve the desired design objectives, and relevance.