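Research on Load Balancing Technology in a PC-Based Intrusion Detection Cluster System (Communication Engineering Thesis)

Published: 2015-01-24 Source: Renda Economics Forum (人大经济论坛)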
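Communication Engineering Thesis

Contents

Abstract (Chinese)
Abstract (English)
1 Introduction
  1.1 Problem Statement and Research Significance
    1.1.1 Problem Statement
    1.1.2 Research Significance of the Thesis
  1.2 State of Research in China and Abroad
  1.3 Content and Objectives of This Work
    1.3.1 Main Content of This Work
    1.3.2 Main Objectives of This Work
  1.4 Summary
2 Data Capture Module
  2.1 Methods for Acquiring Network Packet Streams
  2.2 Introduction to Link Aggregation
  2.3 Data Stream Capture Architecture Diagram
  2.4 Packet Capture Principles
  2.5 Summary
3 Design of the Packet Distribution Module
  3.1 Design Approach
  3.2 Preprocessor Algorithm
  3.3 Preprocessor Workflow
  3.4 Table and Algorithm Design of the Load Balancer
    3.4.1 Introduction to Hash Functions
    3.4.2 Differences Between Hashing and Other Lookup Methods
    3.4.3 Table Algorithms in the Load Balancer
    3.4.4 Threshold Computation for Detection Machine State
  3.5 Operating Flow of the Load Balancer
    3.5.1 Handling of TCP Packets
    3.5.2 Principle of TCP Load Balancing
    3.5.3 Handling of Other Packets
    3.5.4 Principle of the UDP Load Balancer
    3.5.5 Design and Implementation of Packet Sending
  3.6 Summary
4 System Implementation
  4.1 Test System Configuration
  4.2 Load Balancing Experiments
  4.3 System Performance Experiments
  4.4 Analysis of Experimental Results
5 Conclusions
  5.1 Main Conclusions
  5.2 Outlook for Future Research
Acknowledgements
References

Abstract

In recent years, network traffic has grown continuously, network structures have become increasingly complex, and new attack methods keep emerging. Traditional intrusion detection systems, built on pattern-matching detection and centralized management, scale poorly and adapt weakly, so they cannot meet the needs of the current network environment.

This thesis presents an optimized design for each module of a cluster-based intrusion detection system built on load balancing technology (HMNIDS). It improves the system's data acquisition module, its load balancing algorithm and its intrusion detection module, addressing the poor adaptability and scalability of intrusion detection systems. The main work of the thesis covers the following aspects:

First, based on the characteristics of the detection module, a dynamic load balancing algorithm was designed for the data stream distribution module; it dynamically adjusts the distribution policy for data streams according to information fed back by the intrusion detection machines.

Second, a function for predicting suspicious data streams at the macroscopic level was added to the data stream distribution module, and the concept of access density and a formula for calculating it were proposed. In addition, the load balancing function of the data stream distribution module is designed to be carried out by two machines that distribute different kinds of data, which increases the speed of data distribution.

Third, the data capture part uses the Trunk and PortMirror technologies of the switch in an architecture in which multiple capture machines jointly split the backbone network traffic.

Finally, a simulated network environment was designed and detection experiments were carried out on the theoretical work above. Performance analysis and experimental results show that the improved detection system is scalable, distributes packets reasonably, and makes full use of the resources of the intrusion detection module.

Keywords: network intrusion detection system; access density; load balancing

The Research on Load Balancing in Network Intrusion Detection System Based on PC

Student: Teacher:

Abstract: In recent years, growing network traffic, increasingly complex network structures and endless attacks have left the traditional IDS, which is based on load-balancing technology and centralized management and has poor expansibility and adaptability, unable to meet the requirements of the current network environment. This paper designs a load balancing technology for a cluster-based intrusion detection system (HMNIDS). Through centralized data collection, layered data analysis and the collaborative detection of multiple detection engines, we solve the traditional IDS's problems of poor adaptability and expansibility in high-speed, complex network environments.

The whole system is divided into three modules, each with its own clear function. The main research and innovative points are as follows:

First, in view of the features of the detection module, we designed a data stream distribution module with a dynamic load-balancing algorithm that dynamically adjusts the distribution strategy according to information sent by the detection machines.

Second, we added a function to the data stream distribution module that forecasts suspicious data streams from a macroscopic view, and proposed the concept of Access Pack Densities and a formula for calculating Access Pack Densities. Furthermore, the load balancing function is designed to be carried out by two computers that process different data, which increases the speed of data distribution.

Third, the data capture module makes use of the Trunk and PortMirror technologies of the switch in a new kind of structure in which many data capture machines gather the data of the backbone network.

Finally, we designed a simulated network environment suited to testing this system and carried out a test experiment on HMNIDS in this environment. Performance analysis and experiments demonstrate that the model is scalable, can dispatch packets reasonably, and utilizes the intrusion detection system's resources effectively.

Key words: NIDS; Access Pack Densities; Load Balancing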
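
The feedback-driven distribution described in the abstract, as an added illustration that is not code from the thesis: flows are hashed symmetrically so both directions of a TCP connection reach the same detection machine, established flows stay pinned, and only new flows are steered away from machines that report load above a threshold. The class name, sensor names, the 0.8 threshold and the 0..1 load scale are assumptions; the thesis's own tables, threshold computation and access-density formula are not given on this page.

```python
import hashlib


class FlowBalancer:
    """Hypothetical dispatcher: pinned flows, feedback-aware placement of new flows."""

    def __init__(self, sensors, threshold=0.8):
        self.sensors = list(sensors)
        self.threshold = threshold                  # assumed load ceiling on a 0..1 scale
        self.load = {s: 0.0 for s in self.sensors}  # last load reported by each sensor
        self.flows = {}                             # flow key -> sensor (session table)

    @staticmethod
    def flow_key(src, sport, dst, dport, proto):
        # Sort the two endpoints so request and reply packets share one key;
        # a detector that sees only half a connection cannot reassemble it.
        a, b = sorted([(src, sport), (dst, dport)])
        return (a, b, proto)

    def report(self, sensor, load):
        """Record feedback sent by a detection machine."""
        self.load[sensor] = load

    def _pick(self, key):
        digest = hashlib.sha256(repr(key).encode()).digest()
        start = int.from_bytes(digest[:4], "big") % len(self.sensors)
        # Probe from the hashed slot and skip sensors at or above the threshold.
        for i in range(len(self.sensors)):
            sensor = self.sensors[(start + i) % len(self.sensors)]
            if self.load[sensor] < self.threshold:
                return sensor
        # Every sensor is overloaded: degrade to the least-loaded one.
        return min(self.sensors, key=lambda s: self.load[s])

    def dispatch(self, src, sport, dst, dport, proto="tcp"):
        """Return the sensor for a packet, creating a table entry for new flows."""
        key = self.flow_key(src, sport, dst, dport, proto)
        if key not in self.flows:
            self.flows[key] = self._pick(key)
        return self.flows[key]

    def close(self, src, sport, dst, dport, proto="tcp"):
        """Remove the table entry when the flow ends (FIN/RST or idle timeout)."""
        self.flows.pop(self.flow_key(src, sport, dst, dport, proto), None)
```

Pinning matters for detection quality: moving an established connection to another machine mid-stream would split its reassembly state, so the feedback only influences where new flows land.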