
Computer Engineering ›› 2008, Vol. 34 ›› Issue (20): 154-155. doi: 10.3969/j.issn.1000-3428.2008.20.056

• Security Technology •

Design of Network Processor for Intrusion-detection

WEI Li-hua1,2, DING Hui1,2, XUAN Jun-ying2, LIU Xiao-jing2

  1. School of Information Engineering, Jiaxing University, Jiaxing 314001
  2. School of Computer Science & Technology, Nanjing University of Science and Technology, Nanjing 210094
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-10-20 Published: 2008-10-20

Abstract: With network line rates rising quickly, new network protocols appearing constantly, and attacks becoming ever more diverse, an Intrusion Detection System (IDS) has to inspect more and more packets. Traditional software-based IDSs are too slow to capture every passing packet and are no longer adequate for networks running at gigabit speeds and above. To remove this speed bottleneck, network processor technology is introduced and the key algorithms are implemented in hardware instead of software. A prototype of a high-speed network processor for intrusion detection is designed, and simulation shows that its detection speed is 107.36 times that of the original system.

Key words: intrusion detection, network processor, pattern matching, hardware implementation
