PC的入侵检测集群系统中负载均衡技术研究

文档编号:TX268  文档字数:16899,页数:37

摘要

 近年来，网络流量不断增大，网络结构日益复杂，攻击方式层出不穷。传统基于模式匹配的检测手段与集中式管理构成的入侵检测系统扩展性差、自适应能力不强，因此其不能适应当前网络环境的需要。
 本文对一个基于负载均衡技术的集群式入侵检测系统〔HMNIDS〕的各个模块进行了优化设计。改进了入侵检测系统的数据采集模块、负载均衡算法及其入侵检测模块，解决入侵检测系统适应性及其可扩展性差的问题。主要文档工作包括以下几个方面：
 一、针对检测模块的特点，在数据流分发模块设计了一种动态的负载均衡算法，根据入侵检测机反馈来的信息动态的调整数据流的分发策略。
 二、在数据流分发模块增加了宏观预测可疑数据流的功能，提出了访问密度这一概念和计算访问密度的公式。此外，数据流分发模块的负载均衡功能设计成由两台机器来完成，两台机器分流的数据种类不同，提高了数据分流的速度。
 三、数据截获部分利用交换机的Trunk和PortMirror技术，设计出了多采集机共同来分流主干网流量的架构。
 最后，本文设计了模拟网络环境，并对上述理论工作进行了检测实验。性能分析和实验结果表明，改进的检测系统具有扩展性，能合理的分发数据包，充分的利用入侵检测模块的资源。
 
关键词：网络入侵检测系统 ；访问密度 ；负载均衡

The Research on Load Balancing in Network Intrusion Detection System Base on PC
 Student:          Teacher: 
 
Abstrct: In recent years, the growing network traffic, increasingly complex network structure, the endless attacks, made the traditional IDS, which base on technology of load balancing and centralized management constitute and has poor expansibility and adaptability, also can not meet the requirement of the current network environment.
 This paper designed a kind of load balancing technology  in a intrusion detection system based on cluster (HMNIDS). By center data collection, layer-stepping data analysis and the collaborative detection of multi-detection engine, we solved the problems of traditional IDS on poor adaptability and expansibility in the high-speed, complex network environments. The wholes system is divided into three module ,every module has clear own function. The main researches and creative points are as follows:
 Firstly， in view of the features connection with detection module, we designed data stream distributed module which has a dynamic load-balancing algorithm that dynamic adjust distributed strategy by sending  information of detection machines.
 Secondly， In addition ,we added function to forecast doubtful data stream on the view of macroscopic in data stream distributed module , proposed  a concept of Access Pack Densities and formula of calculate Access Pack Densities. Furthermore, the function of load balancing is designed to complete by two computer which processing data is different and increase speed of data distributed.
 Thirdly，Data capture module is made use of Trunk and PortMirror technology of switch by a new sort of structure which many data capture machine gather data of backbone network.
 At last, we designed a simulated network environment which suite for the testing of this system and had done a test experiment to the HMNIDS in this environment. Performance analysis and experiments demonstrate that the model is scalable, and can dispatch packets reasonably and utilize intrusion detection system’ sources effectively.

Key words:  NIDS; Access Pack Densities; Load Balancing

目录

摘要 Ⅰ
Abstrct Ⅱ
1  绪论 1
1.1 问题的提出及研究意义 1
1.1.1 问题的提出 1
1.1.2 文档的研究意义 2
1.2 国内外的研究现状 2
1.3 本文研究的内容和目的 3
1.3.1 本文研究的主要内容 3
1.3.2 本文研究的主要目的 4
1.4 小结 4
2  数据捕获模块 5
2.1 网络数据包流获取的方法 5
2.2 链路聚合技术介绍 6
2.3 数据流捕获结构图 7
2.4 数据包捕获原理 7
2.5 小结 9
3  数据包分流模块的设计 11
3.1 设计思想 11
3.2 预处理机的算法 11
3.3 预处理机的流程 13
3.4 负载均衡机的表和算法设计 14
3.4.1 Hash函数介绍 14
3.4.2 散列法与其他查找方法的区别 16
3.4.3 负载均衡机中表的算法 17
3.4.4 检测机状态的门限值运算 19
3.5 负载均衡机的运行流程 20
3.5.1 对TCP包的处理方式 20
3.5.2 TCP负载均衡的原理 20
3.5.3 对其他包的处理方式 21
3.5.4 UDP负载均衡机的原理 22
3.5.5 数据包发送的设计与实现 22
3.6 小结 23
4  系统实现 23
4.1 测试系统配置 23
4.2 负载均衡实验 24
4.3 系统性能实验 27
4.4 实验结果分析 30
5  结论 31
5.1 主要结论 31
5.2 后续研究工作的展望 31
致谢 33
参考文献 34

相关论文