以網頁連結快取加速網路入侵偵測系統

Abstract

網路入侵偵測系統(NIDS)可以視為一種危機轉移的技術，用來與防火牆之類的預防技術搭配。然而，當特徵規則(signature)的數量增加時，相當費CPU時間的網路入侵偵測系統可能無法檢查所有經過的封包，我們正嘗試減輕這個狀況。本研究使用網頁連結快取(URL-caching)來加速網路入侵偵測系統，經由儲存正常的網路連結快取，連續的網頁存取可以跳過所有的網頁特徵規則，我們以此修改Snort並獲得15%的效能提昇。

Network intrusion detection system (NIDS) can be considered as a risk mitigation technique to complement the risk prevention technique such as firewall. However, CPU-intensive NIDS might not be able to examine all incoming packets as the network load or the number of the signatures increases. We are trying to alleviate this situation. This work uses URL-caching to accelerate the NIDS. By caching healthy URL’s, successive web access skips all Web signatures. We patch Snort and gain 15% performance speedup.