| With the spread of the information society, people's lives are increasingly influenced by information, which is a kind of invisible resource. Information security has become a focus of public attention. The rapid increase in network bandwidth makes research in the security field more difficult. As a useful supplement to the firewall, the intrusion detection system has played a key role in high-speed network security and will continue to do so in the future. In a high-speed network, an intrusion detection system must keep reducing its false negative rate and false positive rate in order to achieve real-time detection and information feedback. On the one hand, adopting network processors, which are highly flexible and programmable, will be the development trend of next-generation network processing. On the other hand, studying architectures suited to intrusion detection in high-speed networks and designing more efficient software algorithms will remain a constant goal. This system uses the second-generation network processor IXP2400 as the main hardware of the intrusion detection system. The IXP2400, which has 8 microengines and 64 threads, is suitable for high-speed network processing because of its strong parallel processing power. This thesis proposes a new architecture for a high-speed intrusion detection system and designs parts of the system, such as the data collection module, distribution module, detection module and management platform, according to their characteristics and functions.
In addition, after an in-depth study and analysis of existing distribution algorithms, a new algorithm for multiple protocols and hash mapping is presented, and a simulation experiment was carried out on the Intel IXA SDK 3.5 Developer Workbench. The experimental results show that the distributor can distribute OC-48 POS data packets at line speed and provide uninspected packet flows of a specific type, which greatly improves the detection capability of the whole system. As a result, the bottleneck problem of high-speed IDS has been partly solved, proving that the new architecture is suitable for high-speed networks. |