【摘要】 为了解决高速网络中异常流量对节点系统的冲击而难以实时检测的问题,设计实现了一种基于网络处理器IXP2850的异常流量检测系统模块。该模块采用两个微引擎并行的方式嵌入到路由系统的流水处理中,提出了分级统计的方法来解决IXP2850可移植构架中线程交叉复杂而造成的资源冲突问题,提高了系统的吞吐量,采用用户行为距离运算和本地资源监控相结合的分析方法,对突发性流量攻击的检测在精度和反应延迟表现优于一般的采集-分析异构系统。更多还原

【Abstract】 Abnormal traffic impact on the node system is difficult to real-time detect in the high-speed network,an anomaly flow detection module based on network processor IXP2850 is designed and implemented to solve the problem.The module is proposed to implement in two parallel microengines which embed in the routing system,and makes use of step statistical method to solve the resource conflict caused by complex multi-thread crossing in portability framework,which improves the throughput of the system.Using the comprehensive analysis of the calculation of behavior deviated from established patterns and monitor of local resources,the performance of the module is more precise and faster than the project that collection and analysis in separate systems.更多还原