多检测引擎监测的动态负载均衡算法

doi:10.11772/j.issn.1001-9081.2017.03.717

计算机应用 ›› 2017, Vol. 37 ›› Issue (3): 717-721.DOI: 10.11772/j.issn.1001-9081.2017.03.717

多检测引擎监测的动态负载均衡算法

杨忠明¹, 梁本来², 秦勇³, 蔡昭权⁴

1. 广东科学技术职业学院计算机工程技术学院, 广东珠海 519090;
2. 中山职业技术学院信息工程学院, 广东中山 528404;
3. 东莞理工大学计算机学院, 广东东莞 523808;
4. 惠州学院教育技术中心, 广东惠州 516007

收稿日期:2016-08-26 修回日期:2016-10-31 出版日期:2017-03-10 发布日期:2017-03-22
通讯作者: 杨忠明
作者简介:杨忠明(1980-),男,广东茂名人,副教授,硕士,CCF会员,主要研究方向:信息安全、智能算法;梁本来(1983-),男,山东济宁人,讲师,硕士,主要研究方向:信息安全、网络路由;秦勇(1970-),男,湖南邵阳人,教授,博士,主要研究方向:网络路由优化;蔡昭权(1970-),男,广东陆丰人,教授,硕士,主要研究方向:计算机网络技术。
基金资助:
国家自然科学基金资助项目（61170193）；广东省工业高新技术领域科技计划项目（2013B010401036）；广东省高等学校优秀青年教师培养计划项目（YQ2014187）；广东省自然科学基金资助项目（S2013010013432）；广东省教育厅科技创新项目（2013KJCX0178）。

Dynamic load balancing algorithm based on monitoring and adjusting of multiple detection engines

YANG Zhongming¹, LIANG Benlai², QIN Yong³, CAI Zhaoquan⁴

1. Computer Engineering Technical College, Guangdong Polytechnic of Science and Technology, Zhuhai Guangdong 519090, China;
2. College of Information Engineering, Zhongshan Polytechnic, Zhongshan Guangdong 528404, China;
3. Computer Institute, Dongguan University of Technology, Dongguan Guangdong 523808, China;
4. Educational Technology Center, Huizhou University, Huizhou Guangdong 516007, China

Received:2016-08-26 Revised:2016-10-31 Online:2017-03-10 Published:2017-03-22
Supported by:
This work is partially supported by the National Natural Science Foundation of China(61170193), the Science and Technology Project in the Field of Industrial High and New Technology of Guangdong Province(2013B010401036), the Training Program for Outstanding Young Teachers in Guangdong Province (YQ2014187), the Natural Science Foundation of Guangdong Province (S2013010013432), the Science and Technology Innovation Program of Guangdong Education Department (2013KJCX0178).

摘要/Abstract

摘要： 为解决多引擎入侵检测系统的负载均衡问题，提出一种检测引擎的动态负载调节算法。首先，监测各引擎节点计算负载；然后，以过载或空载节点出现为调度时机，以会话为单位调度重负载节点的流量到低负载节点，并遍历节点进行负载均衡的调节。由于以会话为调度单位，算法并不以负载的绝对平均为目的，只需保障各引擎节点不出现过载或空载即达到基本目标。采用KDD cup99数据集进行模拟实验，实验结果表明，与平均分配流量算法和基于较大流调整的安全分流算法相比，所提算法对检测引擎基于会话的负载均衡效果显著，运行开销较低且降低了重负载状态下的丢包率，有利于提高入侵检测系统的检测率。

关键词: 入侵检测, 负载均衡, 流量调度, 检测引擎, 会话调度

Abstract: To solve the load balance problem of multi-engine intrusion detection system, a dynamic load regulation algorithm of detection engine was proposed. Firstly, load was calculated by monitoring each engine node. Then, the scheduling of the heavy load node was performed by scheduling the overload or no-load node as a scheduling opportunity, and the nodes were traversed to adjust the load balancing. As the session for the scheduling unit, the algorithm was not the absolute average load for the purpose, just to ensure that the engine node does not appear overload or no load to achieve the basic goal. The KDD cup99 data set was used to simulate experiment. The experimental results show that compared with average load allocation algorithm and secure load allocation, the proposed algorithm has a significant effect on session-based load balancing, the running cost is lower, and the packet loss rate under heavy load are lower, which improves the detection rate of intrusion detection system.

Key words: intrusion detection, load balancing, traffic scheduling, detection engine, session scheduling

中图分类号:

TP393

杨忠明, 梁本来, 秦勇, 蔡昭权. 多检测引擎监测的动态负载均衡算法[J]. 计算机应用, 2017, 37(3): 717-721.

YANG Zhongming, LIANG Benlai, QIN Yong, CAI Zhaoquan. Dynamic load balancing algorithm based on monitoring and adjusting of multiple detection engines[J]. Journal of Computer Applications, 2017, 37(3): 717-721.

参考文献

[1] 蒋文保,郝双,戴一奇,等.高速网络入侵检测系统负载均衡策略与算法分析[J].清华大学学报(自然科学版),2006,46(1):106-110.(JIANG W B, HAO S, DAI Y Q, et al. Load balancing algorithm for high-speed network intrusion detection systems[J]. Journal of Tsinghua University (Science and Technology), 2006, 46(1):106-110.)
[2] 蔡志平,刘书昊,王晗,等.高性能并行入侵检测算法与框架[J].计算机科学与探索,2013,7(4):289-303.(CAI Z P, LIU S H, WANG H, et al. High performance parallel intrusion detection algorithms and framework[J]. Journal of Frontiers of Computer Science and Technology, 2013, 7(4):289-303.)
[3] KUMAR M. Distributed intrusion detection system scalability enhancement using cloud computing[J]. Computer Science and Telecommunications, 2014, 41(1):16-29.
[4] 张文兴,樊捷杰.基于KKT和超球结构的增量SVM算法的云架构入侵检测系统[J].计算机应用,2015,35(10):2886-2890.(ZHANG W X, FAN J J. Cloud architecture intrusion detection system based on KKT condition and hyper-sphere incremental SVM algorithm[J]. Journal of Computer Applications, 2015, 35(10):2886-2890.)
[5] 程建,张明清,刘小虎,等.基于人工免疫的分布式入侵检测模型[J].计算机应用,2014,34(1):86-89.(CHENG J, ZHANG M Q, LIU X H, et al. Distributed intrusion detection model based on artificial immune[J]. Journal of Computer Applications, 2014, 34(1):86-89.)
[6] 王明定,赵国鸿,陆华彪.基于网络流量特性分析的高速入侵检测分流算法[J].计算机应用研究,2010,27(9):3484-3486.(WANG M D, ZHAO G H, LU H B. Load balancing algorithm for high-speed IDS based on analysis of network traffic[J]. Application Research of Computers, 2010, 27(9):3484-3486.)
[7] 王明定.高速网络入侵检测负载均衡算法研究与实现[D].长沙:国防科技大学,2010:4.(WANG M D. The research and implementation on load balancing algorithm in high-speed network for intrusion detection[D]. Changsha:National University of Defense Technology, 2010:4.)
[8] SHI W, MACGREGOR M H, GBURZYNSKI P, et al. A novel load balancer for multiprocessor routers[EB/OL].[2016-01-08]. http://www.cs.ualberta.ca/macg/Pubs/2005/SPECTS-LOAD/FlowBal_I.pdf.
[9] 张亚玲.高速网络入侵检测系统动态负载均衡策略的研究与实现[D].长沙:湖南大学,2010:7.(ZHANG Y L. Research and implementation on dynamic load-balancing strategy in high-speed network for intrusion detection system[D]. Changsha:Hunan University, 2010:7.)
[10] 左晓军,董立勉,曲武.基于Spark框架的分布式入侵检测方法[J].计算机工程与设计,2015,36(7):1720-1726.(ZUO X J, DONG L M, QU W. Distributed intrusion detection approach based on the Spark framework[J]. Computer Engineering and Design, 2015, 36(7):1720-1726.)
[11] 易发胜,龚海刚,汪海鹰.采用CBF技术的分布式入侵检测系统设计与实现[J].计算机工程与设计,2014,35(7):2339-2343.(YI F S, GONG H G, WANG H Y. Design and implementation of distributed intrusion detection systems based on counting bloom filter[J]. Computer Engineering and Design, 2014, 35(7):2339-2343.)
[12] 陈一骄,卢锡城,时向泉,等.一种面向会话的自适应负载均衡算法[J].软件学报,2008,19(7):1828-1836.(CHEN Y J, LU X C, SHI X Q, et al. A session-oriented adaptive load balancing algorithm[J]. Journal of Software, 2008, 19(7):1828-1836.)
[13] 陆华彪,赵国鸿,陈一骄,等.基于较大流调整的安全分流算法[J].计算机工程,2009,35(13):117-119.(LU H B, ZHAO G H, CHEN Y J, et al. Secure load balance algorithm based on moderate flow adjust[J]. Computer Engineering, 2009, 35(13):117-119.)
[14] 王正霞,刘晓洁,梁刚.基于B+树快速调优的反馈式负载平衡算法[J].计算机应用,2011,31(3):609-612.(WANG Z X, LIU X J, LIANG G. Feedback pad balancing algorithm based on B+ tree fast tuning[J]. Journal of Computer Applications, 2011, 31(3):609-612.)
[15] DAS A, NGUYEN D, ZAMBRENO J, et al. An FPGA-based network intrusion detection architecture[J]. IEEE Transactions on Information Forensics and Security, 2008, 3(1):118-132.

多检测引擎监测的动态负载均衡算法

Dynamic load balancing algorithm based on monitoring and adjusting of multiple detection engines

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	张师鹏, 李永忠, 杜祥通. 基于半监督学习和三支决策的入侵检测模型[J]. 计算机应用, 2021, 41(9): 2602-2608.
[2]	王月, 江逸茗, 兰巨龙. 基于改进三元组网络和K近邻算法的入侵检测[J]. 计算机应用, 2021, 41(7): 1996-2002.
[3]	王垚, 孙国梓. 基于聚类和实例硬度的入侵检测过采样方法[J]. 计算机应用, 2021, 41(6): 1709-1714.
[4]	张全龙, 王怀彬. 基于膨胀卷积和门控循环单元组合的入侵检测模型[J]. 计算机应用, 2021, 41(5): 1372-1377.
[5]	杨翎, 姜春茂. 基于三支决策的虚拟机节能迁移策略[J]. 计算机应用, 2021, 41(4): 990-998.
[6]	任晓奎, 刘鹏飞, 陶志勇, 刘影, 白立春. 基于单快拍信号到达角估计算法的室内入侵检测[J]. 计算机应用, 2021, 41(4): 1153-1159.
[7]	许红亮, 杨桂芹, 蒋占军. 基于软件定义网络的数据中心自适应多路径负载均衡算法[J]. 计算机应用, 2021, 41(4): 1160-1164.
[8]	程小辉, 牛童, 汪彦君. 基于序列模型的无线传感网入侵检测系统[J]. 计算机应用, 2020, 40(6): 1680-1684.
[9]	李翠, 陈庆奎. 基于DPDK并行通信的动态监控模型[J]. 计算机应用, 2020, 40(2): 335-341.
[10]	欧彬利, 钟夏汝, 代建华, 杨田. 基于变精度覆盖粗糙集的入侵检测方法[J]. 计算机应用, 2020, 40(12): 3465-3470.
[11]	李中伟, 谭凯, 关亚东, 姜文淇, 叶麟. 车载CAN总线脱离攻击及其入侵检测算法[J]. 计算机应用, 2020, 40(11): 3224-3228.
[12]	池亚平, 莫崇维, 杨垠坦, 陈纯霞. 面向软件定义网络架构的入侵检测模型设计与实现[J]. 计算机应用, 2020, 40(1): 116-122.
[13]	杨宏宇, 王峰岩. 基于改进卷积神经网络的网络入侵检测模型[J]. 计算机应用, 2019, 39(9): 2604-2610.
[14]	曹卫东, 许志香. 高效的半监督多层次入侵检测算法[J]. 计算机应用, 2019, 39(7): 1979-1984.
[15]	潘建国, 李豪. 基于实用拜占庭容错的物联网入侵检测方法[J]. 计算机应用, 2019, 39(6): 1742-1746.