本論文中所呈現的是在FPGA上實現一個非常有效率的header classification circuit，並且能夠運用於網路入侵偵測系統。Header classification circuit利用一些簡單的shift register與symbol encoder，即可以達到快速且精確的封包檔頭比對。並且與其他現有的電路做比較之後，顯示我們所設計的電路，運用於網路入侵偵測系統並且實作在FPGA上，可以符合高效率與低硬體資源消耗。

An efficient FPGA-based header classification circuit is proposed for network intrusion detection system (NIDS). The circuit is based on simple shift registers and symbol encoders for the fast packet header classification in hardware. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems.

[1] M. Aldwairi, T. Conte and P. Franzon, "Con_gurable string matching hardware for speeding up intrusion detection," ACM SIGARCH Computer Architecture News,Vol.
33, pp.99-107, 2005.

[2] R. Baeza-Tates and G.H. Gonnet, "A new approach to text searching," Communications of the ACM, Vol. 35, pp.74-82, 1992.

[3] C. Clark and D. Schimmel, "Scalable multi-pattern matching on high speed networks," Proceedings of the IEEE Symposium on Field- Programmable Custom Computing Machines, pp.249-257, 2004.

[4] Y.H. Cho and W.H. Mangione-Smith, "Deep packet filter with dedicated logic and read only memories," Proceedings of the IEEE Symposium on Field- Programmable Custom Computing Machines, pp.125-134, 2004.

[5] V. Dimopoulos, G. Papadopoulos, and D.Pnevmatikatos,"On the importance of header classification in hw/sw network intrusion detection systems," Proceedings of the 10th Panhellenic Conference on Informatics, 2005.

[6] T. Ramirez and C. D. Lo, "Rule Set Decomposition for Hardware Network Intrusion Detection," in the 2004 International Computer Symposium (ICS 2004),Dec.15-17,
2004, Taipei, Taiwan, 2004.

[7] H.C. Roan, C.M. Ou, W.J. Hwang and C.T.D.Lo, "Efficient Logic Circuit for Network Intrusion Detection," Lecture Notes in Computer Science, Vol. 4096,pp.776-784, 2006.

[8] J. Singaraju, L. Bu and J. A. Chandy, "A signature match processor architecture for network intrusion detection," Proceedings of the IEEE Symposium on Field-
Programmable Custom Computing Machines, pp.235-242, 2005.

[9] H. Song and J. Lockwood, "Efficient packet classification for network intrusion detection using FPGAs," Proceedings of the IEEE Symposium on Field-
Programmable Gate Arrays, pp.238-245, 2005.

[10] I. Sourdis and D. N. Pnevmatikatos, "Pre-decoded CAMs for efficient and highspeed NIDS pattern matching," Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 258-267, 2004.

[11] SNORT o_cial web site. http://www.snort.org.

[12] ALTER official web site. http://www.altera.com

[13] B. L. Hutchings, R. Franklin & D. Carver.(2002). "Assisting network intrusion detection with reconfigurable hardware."Proceedings of the IEEE Symposium on
Field-Programmable Custom Computing Machines, 111–120.
[14] M. Gokhale, D. Dubois, A. Dubois, M. Boorman, S. Poole & V.Hogsett. (2002). "Granidt: towards gigabit rate network intrusion detection technology." Proceedings of the International Conference on Field Programmable Logic and Application,404–413.

[15] J. Moscola, J. W. Lockwood, R. P. Loui & M. Pachos. (2003)."Implementation of a content-scanning module for an internet firewall." Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, 31–38.

[16] Huang-Chun Roan. "A High Performance Circuit Design Applied to Network Intrusion Detection System on a SoPC Platform." National Taiwan Normal University. Graduate Institute of Computer Science and Information Engineering. July 2006.