Research On Performance Analysis And Packet Distribution For IDS Based On Multi-core Platform

Posted on: 2012-05-09 | Degree: Master | Type: Thesis
Country: China | Candidate: C Chen | Full Text: PDF
GTID: 2218330362460311 | Subject: Computer Science and Technology
Abstract/Summary:
The traditional IDS (Intrusion Detection System) is unable to cope with fast-growing network traffic; the emergence of multi-core processors offers a chance to overcome this problem. Based on an analysis of current IDSs and their load-balancing algorithms, this paper studies a new IDS architecture built on commodity multi-core processors, together with its packet-distributing algorithms. The main work of this paper is as follows.

First, because the traditional IDS cannot run directly on a multi-core platform, the paper proposes an IDS architecture based on a commodity multi-core platform in which several detection engines work in parallel. This design achieves high-speed detection and has a low price-performance ratio. The paper then analyses several factors affecting IDS performance and confirms the degree of their influence by experiment.

Second, traditional packet-distributing algorithms aim to balance the number of packets or the number of connection requests on each node, not the load on the detection engines. To address this, the paper proposes a method for evaluating the overhead of packet matching. It considers the properties of packets, the configuration of the IDS and the detection rules, uses AHP (Analytic Hierarchy Process) to determine the weights of these factors, and uses a weighted average to build an evaluation model that estimates a single packet's matching overhead. Experiments show that the results of this evaluation method are, on the whole, consistent with the results of real tests.

Third, building on the method for evaluating packet-matching overhead, the paper proposes a method for classifying packet loads and, further, a packet-distributing algorithm based on that classification. The method replaces the properties of a single packet with the statistical average of the properties of packets belonging to a given protocol, then evaluates the average overhead of the different protocols and divides the results into 5 sections in decreasing order. Combined with the same classification of detection engines according to their loads, the algorithm distributes packets with a high overhead evaluation to detection engines with low load, and vice versa. Experiments show that the algorithm keeps the load of all detection engines at the same level while reducing the packet-loss rate and improving IDS performance.

According to the IDS prototype and the experimental results, the algorithm proposed in this paper improves the performance of an IDS based on commodity multi-core processors. The algorithm has been applied in a piece of intrusion detection equipment, where it performs well.
Keywords/Search Tags:Commodity Multi-Core Processor, Intrusion-Detection, Performance analysis, Overhead of Packet-Matching, Packet-Distributing Algorithm
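The distribution scheme summarised in the abstract, as an added Python example that is not code from the thesis. The pairwise matrix, factor scores, engine names and loads are constructed; the column-normalisation approximation of the AHP priority vector, equal-width banding into 5 classes and the tie-break rule are assumptions, since the abstract does not give them.

```python
# Added illustration; every number below is constructed, not taken from the thesis.
# AHP pairwise comparisons of three factors: packet properties, IDS config, rules.
PAIRWISE = [[1.0, 3.0, 0.5],
            [1 / 3, 1.0, 0.25],
            [2.0, 4.0, 1.0]]
# Per-protocol statistical averages of each factor, scaled to 0..1 (constructed).
PROTOCOL_SCORES = {"HTTP": [0.9, 0.8, 0.9], "SMTP": [0.6, 0.5, 0.7],
                   "FTP": [0.5, 0.4, 0.4], "DNS": [0.2, 0.3, 0.3],
                   "ICMP": [0.1, 0.1, 0.1]}
# Current utilisation of each detection engine, one per core (constructed).
ENGINE_LOADS = {"engine0": 0.10, "engine1": 0.35, "engine2": 0.60, "engine3": 0.90}


def ahp_weights(matrix):
    """Approximate the AHP priority vector: normalise columns, then average rows."""
    n = len(matrix)
    col_sums = [sum(row[j] for row in matrix) for j in range(n)]
    return [sum(matrix[i][j] / col_sums[j] for j in range(n)) / n for i in range(n)]


def overhead(factors, weights):
    """Weighted-average matching overhead for one protocol's averaged factors."""
    return sum(f * w for f, w in zip(factors, weights))


def classify(values, levels=5):
    """Assign each key a class 0..levels-1 by equal-width bands (0 = lowest)."""
    lo, hi = min(values.values()), max(values.values())
    width = (hi - lo) / levels or 1.0  # all-equal input collapses to class 0
    return {k: min(int((v - lo) / width), levels - 1) for k, v in values.items()}


def distribute(protocol_scores, engine_loads, levels=5):
    """Send overhead class c to the engine whose load class is nearest levels-1-c."""
    weights = ahp_weights(PAIRWISE)
    cost = classify({p: overhead(f, weights) for p, f in protocol_scores.items()},
                    levels)
    load = classify(engine_loads, levels)
    plan = {}
    for proto, c in cost.items():
        want = levels - 1 - c  # high overhead pairs with low load, and vice versa
        # Tie-break on raw utilisation so the less busy engine wins.
        plan[proto] = min(load, key=lambda e: (abs(load[e] - want), engine_loads[e]))
    return plan


if __name__ == "__main__":
    for proto, engine in distribute(PROTOCOL_SCORES, ENGINE_LOADS).items():
        print(f"{proto:5s} -> {engine}")
```

This is a single snapshot; a running distributor would re-read engine loads and recompute the mapping periodically.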