检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:宗学军 刘欢欢 何戡 连莲 Zong Xuejun;Liu Huanhuan;He Kan;Lian Lian(School of Information Engineering,Shenyang University of Chemical Technology,Shenyang 110142,China;Liaoning Provincial Key Laboratory of Information Security in Petrochemical Industry,Shenyang 110142,China)
机构地区:[1]沈阳化工大学信息工程学院,辽宁沈阳110142 [2]辽宁省石油化工行业信息安全重点实验室,辽宁沈阳110142
出 处:《网络安全与数据治理》2023年第4期56-61,84,共7页CYBER SECURITY AND DATA GOVERNANCE
基 金:辽宁省兴辽英才计划(XLYC2002085);中央引导地方科技发展基金项目(辽科发规[20.23]7号-36)。
摘 要:针对现有实时入侵检测系统(Intrusion Detection System,IDS)面对超千兆每秒高速工业网络流量时实时检测性能与准确率不足,在传统Suricata IDS的基础上,引入数据平面开发套件(Data Plane Development Kit,DPDK)技术提升系统数据包捕获处理能力,降低系统消耗。同时在规则匹配时采用高效规则匹配算法NEW_WM(NEW-Wu-Manber)提升系统实时检测的效率与检测准确率。系统测试与油气集输攻防演练平台上的应用结果证明,系统面对高速网络流量时在降低系统消耗的同时,提升了系统的实时检测效率与检测准确率。To tackle the shortages of real-time detection performance and accuracy of existing intrusion detection systems when confronted with high-speed industrial network traffic exceeding one gigabit per second,this study proposed the integration of DPDK technology into the conventional Suricata IDS.This integration aims to enhance the system’s packet capture processing capabilities and reduce its resource consumption.Furthermore,to improve the efficiency and accuracy of real-time detection it incorporated the NEW_WM algorithm,an efficient rule matching algorithm,for rule matching.The effectiveness of the proposed system was evaluated using the oil and gas gathering and transportation attack and defense drill platform.The system test and application results revealed that the proposed system reduces resource consumption and improves real-time detection efficiency and accuracy when dealing with high-speed network traffic.
关 键 词:DPDK Suricata NEW_WM 实时入侵检测系统 油气集输攻防演练平台
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.144.162.109