摘要
在高速网络环境下,利用入侵防御系统(IPS)对全部的网络流量进行检测是一项十分巨大挑战。网络处理器是专门处理和转发网络数据流的高速可编程处理器,在网络交换及通信设备中有着十分广泛的应用。论文首先介绍IPS的特点,及其在网络安全中的重要作用;接着,详细介绍Intel高性能网络处理器的硬件组成和框架,并给出一种基于Intel高性能网络处理器的NIPS的具体设计与实现方案。
Network Intrusion Detection and Prevention Systems are full of vitality in the fight against network intrusions. Network Intrusion Prevention System(NIPS) search for certain malicious content based on signatures and filter network traffic. Matching all traffic with these signatures is a challenge to high-speed networks. In this paper, the concept of network intrusion prevention system and its features are described. Then it introduces in detail the composition and structure of InteI High-Speed Network Processor is discussed, and analyzes the basic theory of IPS analyzed. Finally, the NIPS design and an implementation based on Intel High-Speed Network Processor is given.
出处
《信息安全与通信保密》
2009年第4期73-75,共3页
Information Security and Communications Privacy
关键词
网络处理器
入侵防御系统
微引擎
network processor
intrusion prevention system
micro-engine
