Scheme Implementation (JSQ Needs to Guarantee the Same Flow)
Para-Snort: A Multi-thread Snort on Multi-Core IA Platform
Tsinghua University
PDCS 2021, November 3, 2021
Xinming Chen, Yiyao Wu, Lianghong Xu, Yibo Xue and Jun Li

Outline
  • Introduction of NIDS on IA
  • Some previous work
  • Structure of our system, what's different?
  • Detailed module design
  • Breaking the bottlenecks
  • Para-Snort Performance
  • Conclusions

NIDS on IA platform
  • NIDS (Network Intrusion Detection System) looks into both header and payload of packets to identify intrusion
  • Why on IA platform?
      • low price
      • easy to develop
      • flexibility on structure and rule set
  • But not so fast as ASICs or FPGA!

The structure of NIDS
  • Snort by Sourcefire Inc.
  • The most popular open source NIDS on IA platform
  • Preprocess and Detect cost most computation power

Way to speed up?
  • Multicore IA platform
      • Leads the trends of higher processor computation power
      • Need parallel structure of the software
      • Rarely leveraged in existing NIDS
  • Two previous works: Supra-linear and MultiSnort

Supra-linear Packet Processing
  • Intel Co. in 2006
  • One data acquisition component
  • Duplicated other components
  • No memory sharing

MultiSnort
  • Derek L. Schuff, Purdue University
  • With memory sharing
  • Not a clean-cut modular structure

Our design: Para-Snort
  • Based on SnortSP 3.0, a new different branch
  • Modular design
  • Multifunction processing modules
  • Memory sharing
  • Optimization on core algorithms
  • Sufficient speedup

Detailed module design
  • Data Source
      • data acquisition and decoder
  • Load Balance
      • dispatches traffic and makes multi-staged processing
  • Processing Module
      • each is a single thread
      • preprocessors and detection engine
      • easy to develop functions other than intrusion detection, such as antivirus or URL filtering
  • Output module
      • Generate alert

Optimize Load Balancing
  • SnortSP 3.0 provides IP hash algorithm
  • Not so balanced when there are few flows
  • Three improvement methods:
      • 5-tuple hash
      • Join the Shortest Queue
      • Modified-JSQ: reassign a flow when it has been silent for a long time

Optimize Multi-pattern Matching
  • SnortSP 3.0 provides AC algorithm
  • AC works fast, and when there are few matches, the cache locality is high. But when there are many matches in the traffic, the cache locality turns bad.
  • We introduced AC-WM to reduce the size of the state machines of the compiled rule set.
  • While it costs much less memory, AC-WM is a bit slower than AC for ordinary traffic, so users can decide which to use according to their network environment.

Para-Snort Performance

The Setup
  • For tcpdump traces
  • For real traffic
  • two quad-core Xeon E5335 at 2.00GHz
  • 4GB DRAM
  • Ubuntu 8.04

Performance of 400~800 Mbps

Speedup of 4~7, almost linear for LL

Performance of different load balancers

Performance of Different Pattern Matching

Performance Summary
  • Good speedup, up to 7.
  • Performance up to 800 Mbps
  • M-JSQ is fastest
  • AC-WM costs less memory, but slower

Conclusions
  • Multi-thread design fully utilizes multi-core CPU
  • Modular design, multifunction process modules, easy to add modules.
  • Solve the issues in load balancing and multi-pattern matching
  • Can be NIPS if inline data source module added.

Questions
Thank You
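
The load-balancing slide and the page title (JSQ must keep the same flow) can be illustrated with a small dispatcher. This is an added example, not code from the slides or from Para-Snort; the class, function and trace names are hypothetical, and the direction-independent flow key and the 30-second timeout are assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport proto")

class FlowPinnedJSQ:
    """Join-the-Shortest-Queue dispatcher that never splits a flow.

    idle_timeout=None is plain JSQ. With a number it follows the slide's
    Modified-JSQ idea: a flow silent for longer than idle_timeout seconds
    is assigned again, like a new flow. Assumption: per-flow state on the
    old worker has expired by then, so moving the flow loses no context.
    """
    def __init__(self, workers, idle_timeout=None):
        self.depth = [0] * workers   # packets waiting per processing thread
        self.flows = {}              # flow key -> (worker, last packet ts)
        self.idle_timeout = idle_timeout

    @staticmethod
    def flow_key(p):
        # Assumption: direction-independent 5-tuple, so both halves of a
        # conversation reach the same thread's stream reassembly.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (min(a, b), max(a, b), p.proto)

    def dispatch(self, p):
        key = self.flow_key(p)
        entry = self.flows.get(key)
        stale = (entry is not None and self.idle_timeout is not None
                 and p.ts - entry[1] > self.idle_timeout)
        if entry is None or stale:
            # New or long-silent flow: pick the least-loaded thread.
            worker = self.depth.index(min(self.depth))
        else:
            worker = entry[0]        # active flow stays where it is
        self.flows[key] = (worker, p.ts)
        self.depth[worker] += 1
        return worker

    def done(self, worker, n=1):
        """A processing thread reports n packets finished."""
        self.depth[worker] = max(0, self.depth[worker] - n)

# Constructed trace: flow A bursts, goes quiet for 36 s, then resumes.
A = ("10.0.0.1", 40000, "10.0.0.9", 80, 6)
A_REPLY = ("10.0.0.9", 80, "10.0.0.1", 40000, 6)
B = ("10.0.0.2", 40001, "10.0.0.9", 80, 6)
TRACE = [Packet(0, *A), Packet(1, *B), Packet(2, *A_REPLY),
         Packet(3, *A), Packet(4, *A), Packet(40, *A)]

def replay(trace, workers, idle_timeout=None):
    lb = FlowPinnedJSQ(workers, idle_timeout)
    return [lb.dispatch(p) for p in trace]
```

With two workers, `replay(TRACE, 2)` keeps flow A on worker 0 throughout, while `replay(TRACE, 2, idle_timeout=30)` moves the resumed flow A to the less loaded worker 1.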