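| Graduate student: | 黃威智 Wen-Jihi Hwang |
|---|---|
| Thesis title: | High-Performance Packet Classification and Matching Circuit for Network Intrusion Detection Systems on a System on a Programmable Chip (在可程式化系統晶片中實現網路入侵偵測系統之高效能封包分類與比對電路) |
| Advisor: | 黃文吉 Hwang, Wen-Jyi |
| Degree: | Master |
| Department: | Department of Computer Science and Information Engineering |
| Year of publication: | 2007 |
| Academic year of graduation: | 95 |
| Language: | Chinese |
| Number of pages: | 74 |
| Keywords (translated from Chinese): | FPGA implementation, network intrusion detection system, low hardware resource consumption, high efficiency |
| Keywords (English): | FPGA implementation, Network intrusion detection system, low area cost, High throughput |
| Thesis type: | Academic thesis |
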
This thesis presents a highly efficient header classification circuit implemented on an FPGA that can be used in network intrusion detection systems. Using only simple shift registers and symbol encoders, the header classification circuit achieves fast and accurate packet header matching. A comparison with other existing circuits shows that the proposed circuit, applied to a network intrusion detection system and implemented on an FPGA, delivers both high efficiency and low hardware resource consumption.

An efficient FPGA-based header classification circuit is proposed for network intrusion detection systems (NIDS). The circuit is based on simple shift registers and symbol encoders for fast packet header classification in hardware. Compared with related work, experimental results show that the proposed circuit achieves higher throughput and uses fewer hardware resources in FPGA implementations of NIDS.