
Design And Implementation Of The Control Software In The Parallel IDS Traffic Distribute Device

Posted on: 2013-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Chen
GTID: 2298330422974023
Subject: Software engineering

Abstract/Summary:
To guarantee the safety of network devices and Internet-connected computers, people normally deploy network firewalls and Intrusion Prevention/Detection Systems in the subnet, or deploy personal firewalls and anti-virus software on personal computers, in order to defend against all kinds of malicious attacks or threats caused by internal personnel's improper operation. These devices and software can prevent quite a few threats and protect network security to some degree. On the other hand, the growth in processor and memory performance cannot keep up with the growth in bandwidth. Therefore, networks that depend only on software processing cannot meet the security needs brought by high-bandwidth, high-speed networks. CPU, memory, bandwidth, delay, etc. adversely affect the development of network security devices.

As an important part of the dynamic security model, IDS plays an important role in the network security protection system. It offers two-way protection, internal and external, which helps the system administrator monitor the system and network, simplifies the administrator's work and ensures the normal operation of the system and network. However, with the rapid development of network communication, IDS also faces its own challenges, such as high bandwidth and complex network structure. This thesis mainly studies the design and implementation of the control software of the parallel IDS traffic distribution device. The major work is as follows:

(1) The module design of IDS device functions based on the CIDF model is introduced, and a parallel IDS traffic distribution device is introduced. Its hardware includes the control card and line card structure; its control software includes the user interface, system configuration management, system framework and work process.

(2) The command parsing component of the parallel IDS traffic distribution device is implemented based on a command tree, and the key technologies of the command parsing component are introduced. After the command tree is designed, the functions of adding, finding and calling commands are implemented, command correlation is processed, and the initialization and configuration of commands are implemented.

(3) Data communication based on socket and on GPIO is designed and implemented respectively, and communication with each module is implemented. As there are massive numbers of rules in the operation of the parallel IDS traffic distribution device, rule conflicts may occur when new rules are added to the rule set. Thus, this thesis puts forward an algorithm for rule conflict detection, which can inform the administrator to modify or delete rules when a conflict occurs between the newly added rules and the original ones.

(4) The performance difference between the two proposed data communication modes is tested. Compared with data communication based on SOCKET, data communication based on GPIO has better performance, low cost and high stability, but requires more bus reads/writes.
Keywords/Search Tags: Command line interface, Command tree, Parallel IDS traffic distribution device, GPIO communication, Socket communication