簡易檢索 / 詳目顯示

研究生: 阮煥鈞
Huang-Chun Roan
論文名稱: 應用於網路入侵系統之高效能電路可程式化系統晶片設計
A High Performance Circuit Design Applied to Network Intrusion Detection System on a SoPC Platform
指導教授: 黃文吉
Hwang, Wen-Jyi
學位類別: 碩士
Master
系所名稱: 資訊工程學系
Department of Computer Science and Information Engineering
論文出版年: 2006
畢業學年度: 94
語文別: 英文
論文頁數: 43
中文關鍵詞: 網路安全可程式化系統晶片設計字串比對
英文關鍵詞: Network Security, FPGA, String Matching
論文種類: 學術論文
相關次數: 點閱:203下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 此論文提出了用硬體來實現網路入侵偵測系統的電路設計,主要的概念是採用shift-or algorithm,並只使用到shift register, OR gates 和 ROM。 整個電路架構可以把ROM去除來稍作改良。此論文提出的硬體電路已經被驗證模擬及合成於Altera Stratix FPGA。實驗結果顯示出一次處理兩個characters的時候,throughput可到達6.75 Gbits/sec,硬體資源花費0.7 LE/chars。當電路一次處理四個characters的時候,throughput可達到9.2 Gbits/sec,硬體資源花費2.75 LE/chars。跟現有文獻來探討,我們提出的硬體電路可達到較高的throughput跟比較少的硬體資源。

    This thesis introduces a novel FPGA based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The central idea of the signature match coprocessor is an architecture based on the shift-or algorithm, which utilizes simple shift registers, OR gates, and ROMs where patterns are stored. Moreover, the architecture can be improved further by the
    removal of the ROM. The proposed architecture has been prototyped, simulated and synthesized by the Altera Stratix FPGA. Experimental results reveal that the circuit with processing two characters at a time attains the throughput up to 6.75 Gbits/sec with area cost of 0.7 logic elements (LEs) per character. The circuit with processing four input characters at a time achieves the throughput up to 9.2 Gbits/sec with area cost of 2.75 LE per character. As compared with related works, experimental results show that the proposed architecture achieves higher throughput and less hardware resource in the FPGA implementations of NIDS.

    1 Introduction...........................................1 1.1 What isMalicioius Code...............................1 1.2 Types of Malicious Code..............................1 1.3 Network Intrusion Detection System...................3 1.4 Motivation...........................................5 1.5 Scope of the thesis..................................6 2 Background.............................................7 2.1 Regular Expression...................................7 2.2 Content AddressableMemory (CAM)......................9 2.3 Shift-or Algorithm..................................10 3 ROM-based Architecture................................12 3.1 BasicModule Circuit.................................13 3.2 High Throughput Module Circuit......................15 3.3 Experimental Results................................18 4 Bitmap Encoding Architecture..........................22 4.1 BasicModule Circuit.................................23 4.2 High Throughput Module Circuit......................27 4.3 Experimental Results................................28 5 Partial Encoding Architecture.........................30 5.1 High Throughput Module Circuit with q =2............30 5.2 High Throughput Module Circuit with q =4............34 5.3 Experimental Result.................................35 6 Conclusions...........................................41 References..............................................42

    [1] SNORT official web site. http://www.snort.org.

    [2] TriMatrix Embedded Memory Blocks in Stratix & Stratix GX Device, Chapter2 of Stratix Device Family Data Sheet, Vol. II, Altera Coorporation, 2005.
    http://www.altera.com/literature/hb/stx/ch 3 vol 2.pdf.

    [3] R. Baeza-Tates & G.H. Gonnet. (1992). “A new approach to text searching.”Communications of the ACM, 35, 74–82.

    [4] Z.K. Baker & V.K. Prasanna. (2005). “High-throughput Linked-Pattern Matching for Intrusion Detection Systems.” In Proceedings of the 2005 symposium on Architecture for networking and communications systems, 193–202.

    [5] C. Clark & D. Schimmel. (2004). “Scalable multi-pattern matching on high-speed networks.” In Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, 249–257.

    [6] Y. H. Cho & W. H. Mangione-Smith. (2004). “Deep packet filter with dedicated logic and read only memories.” In Proceedings of the IEEE Symposium on Field- Programmable Custom Computing Machines, 125–134.

    [7] B. L. Hutchings, R. Franklin & D. Carver. (2002). “Assisting network intrusion detection with reconfigurable hardware.” Proceedings of the IEEE
    Symposium on Field-Programmable Custom Computing Machines, 111–120.

    [8] M. Gokhale, D. Dubois, A. Dubois, M. Boorman, S. Poole & V.Hogsett. (2002). “Granidt: towards gigabit rate network intrusion detection technology.” Proceedings of the International Conference on Field Programmable
    Logic and Application, 404–413.

    [9] J. Moscola, J. W. Lockwood, R. P. Loui & M. Pachos. (2003).“Implementation of a content-scanning module for an internet firewall.” Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, 31–38.

    [10] T. Ramirez & C. D. Lo. (2003). “Rule set decomposition for hardware network intrusion detection.” in the 2004 International Computer Symposium (ICS 2004), 31–38.

    [11] J. Singaraju, L. Bu & J. A. Chandy. (2005). “A signature match processor architecture for network intrusion detection.” Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, 235–242.

    [12] I. Sourdis & D. N. Pnevmatikatos. (2004). “Pre-decoded cams for efficient and high-speed nids pattern matching.” Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, 258–267.

    [13] Chia-Tien Dan Lo, private discussion.

    QR CODE