To meet the requirement that packets be distributed by user before parallel processing in an intrusion detection system, this paper proposes a user data distribution method based on the user terminal IP. The method has three steps: first determine whether a packet is uplink or downlink, then use that result to identify the terminal IP address carried in the user data, and finally distribute the data according to the user terminal IP. Experimental results show that this method satisfies the requirements of data flow integrity and load balancing, diverting all packets that belong to the same user accurately and completely to the same intrusion detection system.
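The three steps in the abstract, sketched as an added example (not the paper's implementation). It assumes direction is inferred from a known terminal address pool and that a CRC32 of the terminal IP selects the IDS instance; `TERMINAL_POOL`, `SENSOR_COUNT` and the function names are illustrative.

```python
import ipaddress
import zlib

# Assumptions (not from the paper): terminals are addressed from one known
# pool, and a CRC32 of the terminal IP picks the IDS instance.
TERMINAL_POOL = ipaddress.ip_network("10.20.0.0/16")
SENSOR_COUNT = 4


def terminal_ip(src, dst):
    """Steps 1 and 2: decide direction, then return the terminal's IP.

    Uplink packets carry the terminal as source, downlink packets as
    destination. Returns None unless exactly one endpoint is a terminal.
    """
    src_is_terminal = ipaddress.ip_address(src) in TERMINAL_POOL
    dst_is_terminal = ipaddress.ip_address(dst) in TERMINAL_POOL
    if src_is_terminal == dst_is_terminal:
        return None  # neither or both ends are terminals: direction unclear
    return src if src_is_terminal else dst


def sensor_for(src, dst):
    """Step 3: map the packet to an IDS index keyed on the terminal IP."""
    ip = terminal_ip(src, dst)
    if ip is None:
        return None  # caller decides how to handle unclassified packets
    return zlib.crc32(ipaddress.ip_address(ip).packed) % SENSOR_COUNT


def distribute(packets):
    """Return {terminal_ip: set of sensor indexes that saw its packets}."""
    seen = {}
    for src, dst in packets:
        ip = terminal_ip(src, dst)
        if ip is not None:
            seen.setdefault(ip, set()).add(sensor_for(src, dst))
    return seen


# Constructed sample traffic: two terminals, both directions, two servers.
SAMPLE = [
    ("10.20.1.5", "198.51.100.7"), ("198.51.100.7", "10.20.1.5"),
    ("10.20.1.5", "203.0.113.9"), ("203.0.113.9", "10.20.1.5"),
    ("10.20.8.44", "198.51.100.7"), ("198.51.100.7", "10.20.8.44"),
]

if __name__ == "__main__":
    for ip, sensors in distribute(SAMPLE).items():
        print(ip, "->", sorted(sensors))
```

Keying on the terminal IP rather than the packet's source address is what keeps a user's uplink and downlink packets on the same sensor.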