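Abstract: An intrusion detection system is a means of maintaining network security. This paper proposes an architecture for an intrusion detection system based on a network processor and a cluster of processing machines, discusses in detail how the network processor is used to implement the traffic distributor function, and introduces the key algorithms involved. The results show that, after algorithm optimization, a traffic distributor implemented on the IXP1200 network processor can capture data in real time at rates above 1000 Mbps, and that the CAM-based forwarding policy offers a good trade-off between preserving information integrity and reducing processing complexity, achieving a reasonable distribution of traffic.
Keywords:
Network processor; Intrusion detection system; Multithreading; Load balancing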
Abstract: Intrusion detection technology is an indispensable way to keep the network safe. This paper proposes an intrusion detection system (IDS) framework based on a network processor and a detecting cluster. The possibility of implementing the distributor on the IXP1200 and the key algorithms of the distributor are discussed. The results show that the distributor can achieve a data-capturing capability of more than 1000 Mbps, and that the load-balancing policy based on CAM is a satisfying trade-off between protecting information integrity and reducing computing complexity.
Key words:
Network processor(NP); Intrusion detection system (IDS); Multithreading; Load balance
CHEN Jia, SI Tiange, DAI Yiqi. Design of Traffic Distributor Based on IXP1200 for Network Intrusion Detection System[J]. Computer Engineering, 2006, 32(13): 161-163.