基于混合模式匹配算法的网络入侵检测  被引量：5

作　　者：周琰[1] 马强[1] ZHOU Yan;MA Qiang(National Meteorological Information Centre,Beijing 100081,China)

机构地区：[1]国家气象信息中心,北京100081

出　　处：《计算机测量与控制》2022年第11期65-70,共6页Computer Measurement &Control

基　　金：国家重点研发计划《全球变化及应对》重点专项基金项目(2016YFA0602101);国家气象信息中心信息网络安全与“信创”技术研发创新团队基金项目(NMIC-202011-05)。

摘　　要：为了提升中央处理单元(CPU)和图形处理单元(GPU)协同检测网络入侵的性能,提出了一种具有数据包有效载荷长度约束的CPU/GPU混合模式匹配算法(LHPMA);在分析CPU/GPU混合模式匹配算法(HPMA)的基础上,设计了长度约束分离算法(LBSA)对传入数据包进行提前分类;当传入数据包加载到CPU之前,LBSA根据有效载荷长度约束减少有效载荷长度的多样性;长度超过约束的数据包直接分配给CPU的预过滤缓冲区进行快速预过滤,剩余数据包则直接发送至CPU主存储器中的全匹配缓冲区,并将较短数据包直接分配给GPU进行全模式匹配,提升了CPU/GPU协同检测网络入侵的性能;实验结果表明,LHPMA的性能优于HPMA以及CPU和GPU的单独处理方法;LHPMA增强了HPMA的处理性能,充分发挥了GPU并行处理较短数据包的优势,并且LHPMA提高了网络入侵检测的吞吐量。In order to improve the performance of central processing unit(CPU)and graphics processing unit(GPU)in detecting network intrusion,a CPU/GPU hybrid pattern matching algorithm(LHPMA)with the packet payload length constraint is proposed.Based on the analysis of the CPU/GPU hybrid pattern matching algorithm(HPMA),a length constrained separation algorithm(LBSA)is designed to classify incoming packets in advance.Before the incoming packets are loaded into the CPU,the LBSA reduces the diversity of payload length according to the payload length constraint.The packets whose length exceeds the constraint are directly allocated to the pre filtering buffer of the CPU for fast pre filtering,and the remaining packets are directly sent to the full matching buffer in the main memory of the CPU.The shorter packets are directly allocated to the GPU for full pattern matching,which improves the performance of the CPU/GPU cooperative detection of network intrusion.The experimental results show that the performance of the LHPMA is better than that of the HPMA,CPU and GPU.The LHPMA enhances the processing performance of the HPMA,which gives full play to the advantage of the GPU parallel processing of shorter packets,and the LHPMA improves the throughput of network intrusion detection.

关 键 词：网络安全 模式匹配算法 有效载荷 网络入侵检测系统 图形处理单元 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术] TP181[自动化与计算机技术—计算机科学与技术]