雷欽隆
National Taiwan University: Graduate Institute of Electrical Engineering
林峻鋒
Lin, Jung-Feng
Jung-Feng
Lin
2007-11-26
2018-07-06
2007-11-26
2018-07-06
2007
http://ntur.lib.ntu.edu.tw//handle/246246/53232

In today's society, network security has come to be widely valued by organizations and institutions. More and more security systems are being installed to protect devices and communications on the Internet. A network intrusion prevention system is one kind of security system that can analyze network content in detail and actively block harmful packets. As network connection bandwidth grows substantially and more and more complex inspection is required, the demand for high-performance network intrusion prevention systems is increasing accordingly. In this thesis, we propose a cluster architecture that combines the power of multiple devices to jointly implement a high-performance network intrusion prevention system. Under this architecture, traffic is automatically distributed to the devices, and a traffic redistribution mechanism lets the system achieve dynamic load balancing. Based on the cluster architecture, we also design a network traffic migration mechanism so that the system can respond more quickly to changes in network traffic and reach a load-balanced state. The cluster architecture also supports fault tolerance and dynamic expansion without stopping the system. We install a well-known intrusion prevention system, Snort, on every computer in the cluster and implement the above mechanisms in embedded Linux kernel modules. Finally, experiments and implementation verify that the proposed method can be applied to building high-performance and dependable network intrusion prevention systems.

Security has become a big issue for all organizations in today's network environment. More and more systems have been developed to secure the network infrastructure and communication over the Internet. A network intrusion prevention system (NIPS) is a kind of security system that can perform deep content inspection and block suspected packets. The demand for high-performance NIPS is driven by growing available bandwidth and increasingly complex packet inspection. In this thesis, we propose a clustering scheme that aggregates several devices to provide high throughput, and we implement the network intrusion prevention system over a cluster. The proposed scheme makes incoming traffic self-dispatched and applies traffic redistribution to keep the load of the devices balanced. Based on the cluster scheme, we design a dynamic migration approach to reach a balanced load quickly as network conditions vary. This clustering scheme also supports fault tolerance and dynamic expansion without shutting down the system. Based on the designed architecture, we deploy Snort, a well-known and popular NIPS, on each device of the cluster and implement all the proposed mechanisms as kernel modules over embedded Linux. According to the results of the performance evaluation, we can successfully build a high-performance, dependable NIPS by means of the proposed schemes over the designed in-line device cluster.

Acknowledgements
Abstract (Chinese)
Abstract
Content
List of Figures
Chapter 1 Introduction
Chapter 2 Related Works
2.1 Performance Improvement and Load Dispatching
2.1.1 Clustering with Traffic Dispatchers
2.1.2 Clustering with Self-Dispatching Mechanisms
2.2 IDS and IPS
2.2.1 IDS
2.2.2 IPS
2.2.3 Snort
Chapter 3 Clustering of NIPS
3.1 System Architecture
3.2 Traffic Dispatching Mechanism
3.3 Clustering with Traffic Redistribution
3.3.1 Virtual Device
3.3.2 Virtual Device Migration
3.3.3 Migration Strategy
3.4 Fault-Tolerance and Dynamic Expansion Mechanism
Chapter 4 Implementation and Experiments
4.1 The Experiment Environment
4.2 Experiment Results
Chapter 5 Simulation
5.1 Migration Approaches
5.2 Cluster Size
5.3 Detection Rate
Chapter 6 Conclusions
Reference

450197 bytes
application/pdf
en-US
high-performance packet processing
intrusion prevention system
cluster architecture
dynamic load balancing
high performance packet process
IPS
cluster
load balance
fault tolerant
A High-Performance and Dependable Intrusion Prevention System Built with Dynamic Clustering Technology
A High-Performance Dependable Network Intrusion Prevention System with Adaptive Clustering
thesis
http://ntur.lib.ntu.edu.tw/bitstream/246246/53232/1/ntu-96-R94921107-1.pdf