摘要： 高速入侵检测是当前网络安全领域研究的热点问题之一，而高速分流设计是高速入侵检测的一个关键技术。基于网桥的高速动态分流设计利用Linux网桥的防火墙架构，按照动态负载均衡的分流算法在数据链路层对网络数据包重新封装，再路由到各个探测器中，该方法针对入侵检测的分流特点，能够转发所有网络层数据，且成本低、易控制、扩展能力强。实验分析表明该方法在高速网中具有动态负载均衡的效果。

关键词: 高速入侵检测, 动态负载均衡, 网桥, 防火墙

Abstract: At present intrusion detection system has reached its limits in high-speed network. High speeds packet filter technique is the main point. This paper proposes high-speed dynamic data-distribution architecture. The high-speed dynamic data-distribution based on bridge takes advantage of Linux Ethernet bridging firewall framework, which captures IP packets and resets its destination Mac-Address so as to redirect packets to packet filter node. The technique can redistribute all packets in network layer in low-cost, manageable and easy expansion. Experiment proves that this data-distribution technique is effective and feasible.

Key words: High-speed intrusion detection, Dynamic-load balancing, Bridges, Firewall