
Design and Implementation of Application Layer Parallel Reassembling in NIDS (cited by: 4)
Abstract: To address the weaknesses of current Network Intrusion Detection Systems (NIDS) in IP fragment reassembly and TCP flow reassembly, a new application-layer protocol parallel reassembly approach, ALPPR, and its prototype system are presented. Following the characteristics of packet reassembly, parallel task allocation and processing are implemented with a parallel processing idea based on the LogP model and a master-slave mode. During parallel reassembly, key information such as the session list, the corresponding states and the task allocation results is saved in a two-dimensional linked list. The approach also uses a dynamic allocation strategy to keep the load balanced during parallel reassembly. Experimental results demonstrate the feasibility and effectiveness of ALPPR and show that it has high performance.
Source: Journal of Jilin University: Science Edition (CAS, CSCD, Peking University Core Journal), 2006, No. 4, pp. 575-582, 8 pages
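Funding: National Natural Science Foundation of China (Grant No. 60472125); "863" Program Project Fund (Grant No. 2002AA142010); Science and Technology Project Fund of the General Administration of Civil Aviation of China (Grant No. MR0421815); Science and Technology Project Fund of Civil Aviation University of China (Grant No. 05YK12M); Open Project Fund of the Tianjin Key Laboratory of Intelligent Signal and Image Processing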
Keywords: intrusion detection; parallel reassembling; two-dimensional linked list; load balance
