Dissertation > Excellent graduate degree dissertation topics show

Based on multi-core platform Intrusion Detection System Design and Implementation

Author: ZhuangZhuoJun
Tutor: HuYueMing
School: Shanghai Jiaotong University
Course: Computer System Architecture
Keywords: Multi-core computing technology Network Intrusion Detection System (NIDS) Snort Load Balancing Scheduling Algorithm Factor Analysis Model
CLC: TP393.08
Type: Master's thesis
Year: 2009
Downloads: 68
Quote: 3
Read: Download Dissertation


The development of Internet technology, information exchange and sharing provides a convenient, but it also brings a lot of security risks. Intrusion detection technology is the solution to network security risks one of important technologies, it is capable of illegal or unauthorized use of computer systems to identify personnel and activities. As network speeds continue to increase, the traditional network intrusion detection system (NIDS) has been unable to meet the needs of high-speed detection, how to improve detection speed NIDS current intrusion detection has become an important issue for technological development. The rapid development of multi-core computing technology for the realization of high-speed NIDS provides strong support through a reasonable division of inspection tasks and scheduling, and take advantage of multi-core CPU parallel execution of physical nuclear inspection tasks can effectively improve the NIDS detection speed. Based on the intrusion detection technology and multi-core computing technology research, the design of a parallel multi-core platform based NIDS system, which has a simple architecture and good scalability. I use Snort intrusion detection system framework to achieve a task scheduling and parallel detection and other functions, and integrate them into the framework of Snort system. The main innovations include the following three aspects: first, through the analysis and comparison of different parallel NIDS theoretical model, we propose a suitable platform to achieve the NIDS multicore architecture and framework based on Snort achieved. System implementation, including flow state table, performance load tables and packet ring buffer and other key modules, and through part of the code in Snort multithreading to improve the detection efficiency of Snort. The experimental results show that: for most of the network traffic, the system speedup generally increases with the increase of the number of threads to improve significantly. Second, in considering the impact of the load on the basis of multiple performance indicators, we propose a system for the load balancing scheduling algorithm. The algorithm to ensure data flow connection to keep the conditions, the detection task for a more reasonable division and scheduling. The experimental results showed that: when the network traffic data stream number of connections and the number of packets to be detected sufficiently long time, the algorithm is usually higher than the minimum packet throughput packet scheduling method to connect high throughput. Third, we propose a new definition of the load factor method. The load factor is defined traditional methods rarely consider the definition of performance indicators affecting the relationship between the methods and definitions are too subjective, the lack of support for the theoretical analysis, to a certain extent, affected the definition of accuracy. In this paper, factor analysis model, the performance indicators of the original group was not associated with a factor variable indicates, through a more reasonable load factor variables define and use variable substitution method, the original re-presents a performance index as a parameter The load factor is defined more reasonable approach. The experimental results showed that: when the system is captured network packets are enough and more accurate analysis of the flow characteristics, the method is usually higher than the original definition of the subjective method works well.

Related Dissertations

  1. An Study on the Efficiency of the Listed Real Estate Companies Based on Factor Analysis Method,F224
  2. Study of snort -based IPS,TP393.08
  3. Mechanisms based on trust metrics Research and Implementation of Intrusion Detection System,TP393.08
  4. Design and implementation of intrusion detection system based on association rules,TP393.08
  5. The Research of Network Intrusion Detection System in Campus LAN,TP393.08
  6. The Design of Campus Network Distributed Intrusion Detection System Based on Snort,TP393.08
  7. Research and Implement of Mining Association Rule Based on Snort Intrusion Detection System,TP393.08
  8. Research on Matching Process and Algorithm Improvement of Intrusion Detection,TP393.08
  9. Application and Research of Intrusion Detection System Base on Honeypot,TP393.08
  10. Collaborative Intrusion Detection Research in Peer-to-Peer Network,TP393.08
  11. Research and Design of IDS Based on IPv6,TP393.08
  12. The Research and Application of Distributed Intrusion Detection System Based on Snort,TP393.08
  13. Design and Implementation of Instrision Detection System Based on Linux,TP393.08
  14. Research of Network Intrusion Detection Method Based on Outlier Mining,TP393.08
  15. The Research and Improvement of Intrusion Detection System Based on Snort,TP393.08
  16. Research on Detection and Defense Method of DoS Attacks in WLAN,TN925.93
  17. Snort detection rate of high-speed networks to improve research methods,TP393.08
  18. The Research and Application for Intrusion Detection System in Campus Network,TP393.08
  19. Snort’s Application of Intrusion Detection System in Campus Important Subnet,TP393.08
  20. Investigating Intrustion Detection System Based on Neural Network,TP393.08
  21. Research and Implementation of Hybrid Intrusion Detection System Based on Snort,TP393.08

CLC: > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer Network Security
© 2012 www.DissertationTopic.Net  Mobile