目前的網路入侵偵測研究中，主要都是以找到好的演算法來設計快速的硬體比對電路為主，鮮少有於系統方面的探討，本論文希望除了針對電路層面的研究外，也能將其實現成系統，將電路以模組化的方式掛在系統上，成為系統中最重要的核心技術。緊接著我們希望從系統層面來觀看，提出兩種不同架構來做比較，瞭解在使用不同的Buffer來傳輸時，對整體的系統效能的影響性，不管是在System Throughput或者是System Transmission Latency Time的表現上，都會是我們發展入侵偵測系統的一些參考指標。最後在實驗部分，我們希望將整個系統建構在一個乾淨的網路環境底下，以避免量測上得誤差，並利用流量產生工具實際送出攻擊封包以對數據做量測。

Existing researches on network intrusion detection system often focus on the design of a fast pattern matching circuit instead of a discussion for the whole system. This paper not only looks into the circuit level but also implements a complete system. The fast pattern matching circuit, which is the core technique for detection, will be embedded as a module in the system. We proposed two different architectures and provided a system-level comparison. We use System Throughput and System Transmission Latency Time as the reference targets to find out the impact of using different buffers to transmit on system performance. In experiments, we setup the detection system in a clean environment to prevent the measurement error, and do the measurements by using the network traffic generation tool to send attack packets.

[1] SNORT official web site.
http://www.winsnort.com/

[2] 薛宇盛, 入侵偵測系統實務 WinSnort for Windows 2003, 松崗圖書, 2006

[3] XILINX official web site.
http://www.xilinx.com/

[4] R. Baeza-Tates, G.H. Gonnet, "A new approach to text searching,"
Communications of the ACM, Vol. 35, pp.74-82, 1992.

[5] The Linux Socket Filter
http://www.linuxjournal.com/article/4659

[6] 阮煥鈞, 應用於網路入侵偵測系統之高效能電路可程式化系統晶片設計, 國立台灣師範大學資訊工程研究所碩士論文, 94學年度。

[7] 黃威智, 在可程式化系統晶片中實現網路入侵偵測系統之高效能封包分類與比對電路, 國立臺灣師範大學資訊工程學系研究所碩士論文, 95學年度

[8] 施映男, 超越10Gbps之超高速特徵比對電路設計及其在網路入侵偵測系統之應用, 國立臺灣師範大學資訊工程學系研究所碩士論文, 95學年度

[9] H.C. Roan, W.J. Hwang, W.J. Huang, C.T.D. Lo, "Network Intrusion Detection Based On Shift-OR Circuit," accepted for publication in the Journal of Information Science and Engineering, 2007.

[10] H.C. Roan, W.J. Hwang, C.T.D. Lo, "Shift-Or Circuit for Efficient Network
Intrusion Detection Pattern Matching," in the 2006 International Conference on Embedded and Ubiquitous Computing, Aug. 1-4, Korea, Vol. 4096, pp. 776-784, 2006.

[11] H.C. Roan, W.J. Hwang, C.T.D. Lo, "Shift-Or Circuit for Efficient Network
Intrusion Detection Pattern Matching," in the 16th International Conference on Field Programmable Logic and Applications (FPL 2006), Madrid, SPAIN, August 28-30, 2006, pp. 785 - 790.

[12] Xilinx XAPP912, Reference System: MCH OPB DDR SDRAM with OPB
Central DMA, 2007

[13] Xilinx XAPP730, Getting Started with uClinux on the MicroBlaze Processor,
2007

[14] UDP Flooder 2.00
http://www.csie.ncu.edu.tw/~cs000877/security/html/process.html

[15] Xilinx XAPP529, Connecting Customized IP to the MicroBlaze Soft Processor
Using the Fast Simplex Link (FSL) Channel, 2004

[16] C.H. Lin, C.T. Huang, C.P. Jiang, S.C. Chang, "Optimization of Pattern Matching
Circuits for Regular Expression on FPGA," Proceedings of the IEEE Transactions on Very Large Scale Integration (VLSI) Systems, VOL. 15, NO. 12, December 2007.

[17] V. Dimopoulos, G. Papadopoulos, and D. Pnevmatikatos, "On the importance of
header classification in hw/sw network intrusion detection systems," Proceedings of the 10th Panhellenic Conference on Informatics, 2005.

[18] H. Song and J. Lockwood, "Efficient packet classification for network intrusion
detection using FPGAs," Proceedings of the IEEE Symposium on Field-Programmable Gate Arrays, pp.238-245, 2005.