基于混合模式匹配算法的网络入侵检测
2022,30(11):65-70
摘要:为了提升中央处理单元(CPU)和图形处理单元(GPU)协同检测网络入侵的性能,本文提出了一种具有数据包有效载荷长度约束的CPU/GPU混合模式匹配算法(LHPMA)。在分析CPU/GPU混合模式匹配算法(HPMA)的基础上,设计了长度约束分离算法(LBSA)对传入数据包进行提前分类。利用CPU中的预过滤缓冲区对较长数据包进行快速预过滤,结合全匹配缓冲区将较短数据包直接分配给GPU进行全模式匹配,通过减少有效载荷长度的多样性,提升了CPU/GPU协同检测网络入侵的性能。实验结果表明,LHPMA增强了HPMA的处理性能,充分发挥了GPU并行处理较短数据包的优势,并且LHPMA提高了网络入侵检测的吞吐量。
关键词:网络安全;模式匹配算法;有效载荷;网络入侵检测系统;图形处理单元;
Network Intrusion Detection based on Hybrid Pattern Matching Algorithm
Abstract:In order to improve the performance of central processing unit (CPU) and graphics processing unit (GPU) in detecting network intrusion, this paper proposes a cpu/gpu hybrid pattern matching algorithm (LHPMA) with packet payload length constraints. Based on the analysis of cpu/gpu hybrid pattern matching algorithm (HPMA), a length constrained separation algorithm (LBSA) is designed to classify incoming packets in advance. The pre filter buffer in the CPU is used to quickly pre filter long packets, and the short packets are directly allocated to the GPU for full pattern matching in combination with the full match buffer. By reducing the diversity of payload length, the performance of cpu/gpu cooperative detection of network intrusion is improved. The experimental results show that lhpma enhances the processing performance of HPMA, gives full play to the advantage of GPU parallel processing shorter packets, and lhpma improves the throughput of network intrusion detection.
Key words:Network security; Pattern matching algorithm; Payload; Network intrusion detection system; GPU;
收稿日期:2022-05-29
基金项目:国家重点研发计划《全球变化及应对》重点专项“基于高分辨率气候系统模式的无缝隙气候预测系统研制与评估”第一课题“高分辨率气候系统模式中的动力框架改进及物理过程不确定性研究”(2016YFA0602101);国家气象信息中心信息网络安全与“信创”技术研发创新团队(NMIC-202011-05)
