
Research And Implementation Of High Performance Intrusion Detection System Based On DPDK

Posted on: 2021-07-06 | Degree: Master | Type: Thesis
Country: China | Candidate: K Yu | Full Text: PDF
GTID: 2518306107950109 | Subject: Computer technology
Abstract/Summary:
The rapid development of computer science has brought society into the era of information explosion. Network technology, including hardware, needs to adapt as far as possible to the current complex network environment, in which large amounts of data exist. Traditional network security products are starting to show weaknesses in this environment. To cope with massive data and increasingly complex network attacks, and to maximize the advantages of high-performance hardware, this paper proposes an intrusion detection system based on the DPDK (Data Plane Development Kit) high-performance framework. In this paper, the open-source high-performance intrusion detection system Suricata is extended. Native Suricata supports most of the mainstream packet processing frameworks, such as Libpcap, NETMAP, PF_RING, etc., but does not support the DPDK packet processing framework. Therefore, the purpose of this paper is to integrate DPDK into Suricata and to combine it with the Hyperscan regular-expression matching engine to achieve a high-performance intrusion detection system. In this paper, the system is divided into four modules: packet capture, packet decoding, packet detection and log recording. In the packet capture module and the packet decoding module, the system uses DPDK technology to achieve efficient packet capture, which reduces the time and space overhead caused by data copying and by software and hardware interrupts. At the same time, the efficient access technology of DPDK is used to optimize the use of system resources and to speed up packet decoding. In the detection module and the log module, Suricata mainly uses pattern matching technology. The AC algorithm and the BM algorithm, both currently popular in the field of pattern matching, are compared and analyzed against the Hyperscan regular-expression matching engine and tested in the test phase; the results show that DPDK combined with Hyperscan performs better in this system. The overall test of the DPDK-based intrusion detection system shows, according to the experimental results, that this system has higher detection efficiency and performance than the traditional intrusion detection system.
Keywords/Search Tags: DPDK, IDS, packet capture, high performance, Suricata, Hyperscan