Journal of Liaoning Petrochemical University ›› 2008, Vol. 28 ›› Issue (2): 67-70.

Previous Articles     Next Articles

Parallel Reassembling Technology of Application Layers in NIDS

ZHAO Xiao-bi, WEI Hai-ping*, WANG Fu-wei, GAO Zhe   

  1. School of Computer and Communication Engineering, Liaoning University of Petroleum & Chemical Technology, Funshun Liaoning 113001, P.R.China
  • Received:2007-10-11 Published:2008-06-20 Online:2017-07-23


赵晓碧魏海平*, 王福威高 哲   

  1. 辽宁石油化工大学计算机与通信工程学院,辽宁抚顺 113001

Abstract: Nowadays, the procedure of IP fragments and TCP flows serial reassembling technology have not been satisfied with the high speed network requirements. Meanwhile, every whole conversation in the network is almost similar from each other. Little distinctions exist among protocols of different application layers. It is suitable for adopting parallel reassembling algorithm. A parallel reassembling algorithm in application layer was introduced. Through this method, the balance of IP fragments and TCP flows reassembling was distributed reasonably in parallel reassembly process. A two-dimensional linked list was used to save key information. Too heavy work load of NIDS was avoided. An example of SMTP protocol was analyzed thoroughly.At last, in the light of the weakness of original algorithm,an improved algorithm was put forward. The whole mission was distributed in parts and computing ability of each node was fully used. So the parallel reassembling was reached. The test result shows that the improved algorithm is much more efficient than that of the original algorithm.

Key words: Intrusion detection, Parallel reassembling, Application protocol

摘要: IP分片以及TCP流的串行重组技术已经不能满足当今高速发展的网络,同时,网络上每个完整的会话都比较类似,而且不同应用层协议之间的差别也很小。因此重组工作通过并行来完成是很适宜的。采用多机并行的重组并行算法成为一种可行的实现方案。介绍了一种应用层并行重组技术,通过并行的方法将TCP/IP流重组工作负载进行合理分流,采用二维链表保存关键信息,从而避免NIDS工作负载过重的情形发生,同时以SMTP协议为例对其进行了深入地研究。最后,针对原算法的不足,提出了进一步的改进思想,细化任务颗粒,充分利用了各个结点的计算能力,有效实现了问题的并行化,并与原算法进行比较测试,性能有所提高。

关键词: 入侵检测, 并行重组, 应用层协议

Cite this article

ZHAO Xiao-bi, WEI Hai-ping, WANG Fu-wei, GAO Zhe. Parallel Reassembling Technology of Application Layers in NIDS[J]. Journal of Liaoning Petrochemical University, 2008, 28(2): 67-70.

赵晓碧, 魏海平, 王福威,高 哲. NIDS中的应用层并行重组技术[J]. 辽宁石油化工大学学报, 2008, 28(2): 67-70.

share this article

    /   /   Recommend

Add to citation manager EndNote|Ris|BibTeX