Abstract: Intrusion detection is a dynamic core technology in network security. With the ever-increasing wire-speed and packets dropping and false positive the existed NIDS doesn’t fit for high-speed network any longer. Network processor can analyze packets in parallel mode and shorter inner latency by using hardware threads, multi-level memories, and obtain flexibility by using programmable components. This paper builds a validate high-speed platform for intrusion detection and achieves much good approaches, methods and ideas to overcome the speed bottleneck in current IDS.

Key words: Network processor; Intrusion detection; Multi-level parallel; Hardware thread; Scheduling policy

摘要： 入侵检测是网络安全的核心技术。随着网络速度的不断提升，现有NIDS 的检测速度已不适应千兆位以上网络，漏检率和误检率越来越高。网络处理器以高度并行、硬件多线程、多级存储和灵活可编程等先进技术提供高速的数据包处理性能。该文对利用网络处理器解决入侵检测的速度瓶颈提出了观点、方法和策略，设计和实现了一个面向入侵检测的高速网络处理器原型。

关键词: 网络处理器；入侵检测；多级并行；硬件线程；调度策略