中文摘要：

随着高速网络的普及．传统的入侵防御系统在数据包的高速捕获和实时处理方面，已经不能满足性能上的要求。设计并实现了一种高性能入侵防御系统，PF_RING DNA intrusion Prevention System：PDIPS。PDIPS运行在通用多核平台，采用PF—RING的DNA技术，实现对数据包的线速捕获，同时采用多线程和CPU绑定技术并行地处理数据包，提高了系统的整体性能。试验结果表明，在相同的测试环境下，本系统与传统的入侵防御方案相比，在性能上有较好的提升，可以适应千兆环境的需求。

英文摘要：

With the popularization of high-speed network, the traditional intrusion prevention system in high speed packet capture and real-time processing, has already can＇t meet the requirements of the performance. The paper proposed a kind of high performance intrusion prevention system, PF_PJNG DNA Intrusion Prevention System： PDIPS. PDIPS run on general multi-core platform, it used the PF PJNG DNA technology to realize the packet capture in wire speed, at the same time, multithreading and CPU binding technology is used for parallel packets processing, to improve the overall performance. The test results show that under the same test environ ment, PDIPS compared to traditional intrusion prevention scheme in performance has preferably improved, can adapt to the needs of the gigabit environment.