- 學位論文
具字串共用之正規表示法樣式比對架構
A Regular Expression Pattern Matching Architecture with Common String Sharing Scheme
摘要
在入侵偵測系統中,正規表示法非常適合用來描述網路攻擊特徵。使用NFA架構硬體實作正規表式法,常會產生兩大問題,1.所佔用的硬體資料過大,2.不能新增新的rule的問題。 本篇論文著重於兩大問題的解決,對於硬體資料過大的問題,我們提出共用字串機制來解決,並改善其硬體架構,使其達到高速比對,最小化電路空間的設計。實驗結果顯示,我們的正規表示法樣式比對器,在Altera DE2上實作,速度可達到2.4 Gbps,且不影響速度情況下,可以使原設計架構有23.51%的空間改善(For snort 2.8)。 對於問題2對面不斷更新的樣式規則,我們也提出一種動態支援的比較器,以解決產品化後,未來要支援的新樣式規則。
並列摘要
Regular expressions are very suitable to describe the features of network attacks in an Intrusion Detection System (IDS). NFA-based hardware architectures might cause two problems. 1. NFA-based architectures occupy too much hardware area.2. NFA-based architecture can not add new rule dynamically. This paper focus on these two issues .For the first one, we propose a string mechanism to improve the hardware area of NFA circuit. The experiment results of the proposed Regular Expression matching engine can scan the payload up to the rate of 2.4 Gbps, and have 23.51% space improvement (for the snort 2.8) For the second one, we also propose a matching architecture that can support dynamic updating of new rule sets.this comparator is going to support new rule in the future.
參考文獻
延伸閱讀
- Liu, K. W. (2008). 精確字串比對演算法上的一些結果 [master's thesis, National Chi Nan University]. Airiti Library. https://doi.org/10.6837/NCNU.2008.00262
- Lo, S. W. (2007). 不需製表格的字串比對演算法的分析 [master's thesis, National Chi Nan University]. Airiti Library. https://doi.org/10.6837/NCNU.2007.00222
- 徐玉玲(2008)。有效的實數縮放之字串比對演算法〔碩士論文,國立暨南國際大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0020-1906200817115100
- Lin, C. H. (2008). Efficient Algorithm and Architecture Design for Regular Expression Matching [doctoral dissertation, National Tsing Hua University]. Airiti Library. https://doi.org/10.6843/NTHU.2008.00008
- Tai, Y. T. (2007). Optimization of Pattern Matching Algorithm for Memory Based Architecture [master's thesis, National Tsing Hua University]. Airiti Library. https://doi.org/10.6843/NTHU.2007.00105