In intrusion detection systems, regular expressions are well suited to describing the signatures of network attacks. Implementing regular expressions in hardware with an NFA-based architecture commonly raises two problems: (1) the hardware resources it occupies are too large, and (2) new rules cannot be added. This thesis focuses on solving both. For the excessive hardware cost, we propose a shared-string mechanism and improve the hardware architecture so that it achieves high-speed matching with a minimal circuit area. Experimental results show that our regular expression pattern matcher, implemented on an Altera DE2 board, reaches 2.4 Gbps and, without affecting throughput, improves the area of the original design architecture by 23.51% (for Snort 2.8). For the second problem, the continually updated pattern rules, we also propose a comparator with dynamic support, so that new pattern rules can still be supported after the product ships.
Regular expressions are well suited to describing the signatures of network attacks in an Intrusion Detection System (IDS). NFA-based hardware architectures raise two problems: (1) they occupy too much hardware area, and (2) they cannot add new rules dynamically. This thesis addresses both issues. For the first, we propose a string-sharing mechanism that reduces the area of the NFA circuit. The proposed regular expression matching engine scans payload at up to 2.4 Gbps and achieves a 23.51% area improvement (for the Snort 2.8 rule set). For the second, we also propose a matching architecture whose comparator supports dynamic updating of rule sets, so that new rules can be added in the future.
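The abstract does not describe the shared-string circuit or the dynamic comparator themselves, so the following is an added illustration, not the thesis's own code, of why sharing common strings between patterns shrinks an NFA-based matcher. It models the textbook hardware NFA for literal patterns (one state per pattern character, start state always enabled so a match can begin at any payload offset, one byte per clock) and compares a separate chain per pattern against prefix sharing, which is one simple form of string sharing. The `ProgrammableSlots` bank, a fixed set of runtime-loadable comparators, is an assumption standing in for how a synthesized design could accept rules after deployment. The patterns and payload are constructed for the example and are not Snort 2.8 rules.

```python
"""Added example: state-count effect of string sharing in a hardware-style
NFA matcher, plus a runtime-loadable comparator bank (both illustrative
assumptions, not the thesis's circuits)."""
from collections import defaultdict

# Constructed sample rule set and payload (not Snort 2.8 content).
PATTERNS = ["GET /cgi-bin/", "GET /admin", "GET /etc/passwd",
            "POST /upload", "POST /login"]
PAYLOAD = b"xxPOST /login HTTP/1.0\r\nGET /etc/passwd"


class NfaMatcher:
    """One state (flip-flop + 8-bit comparator) per pattern character."""

    def __init__(self, patterns, share):
        self.patterns = [p.encode() for p in patterns]
        # next_states[state][byte] -> set of successor states
        self.next_states = defaultdict(lambda: defaultdict(set))
        self.accepting = defaultdict(set)   # state -> pattern indices
        self.num_states = 1                 # state 0 is the start state
        for idx, pat in enumerate(self.patterns):
            state = 0
            for b in pat:
                succ = self.next_states[state][b]
                if share and succ:
                    # Reuse the chain already built for this prefix.
                    state = next(iter(succ))
                else:
                    succ.add(self.num_states)
                    state = self.num_states
                    self.num_states += 1
            self.accepting[state].add(idx)

    def scan(self, payload):
        """Simulate one byte per clock with the start state permanently
        active; return sorted (end_offset, pattern_index) pairs."""
        active = {0}
        matches = set()
        for pos, b in enumerate(payload):
            active = {0} | {s2 for s in active
                            for s2 in self.next_states[s].get(b, ())}
            for s in active:
                for idx in self.accepting.get(s, ()):
                    matches.add((pos + 1, idx))
        return sorted(matches)


def area_report(patterns):
    """Return (separate_states, shared_states, reduction_percent)."""
    sep = NfaMatcher(patterns, share=False).num_states
    shr = NfaMatcher(patterns, share=True).num_states
    return sep, shr, round(100.0 * (sep - shr) / sep, 2)


class ProgrammableSlots:
    """Assumed bank of fixed-capacity, runtime-loadable literal comparators,
    scanned alongside the static NFA so rules can be added after synthesis."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.slots = []

    def load(self, literal):
        if len(self.slots) >= self.capacity:
            raise RuntimeError("no free comparator slot")
        self.slots.append(literal.encode())

    def scan(self, payload):
        """Each slot behaves as a sliding-window comparator over the payload."""
        hits = []
        for i, lit in enumerate(self.slots):
            for pos in range(len(payload) - len(lit) + 1):
                if payload[pos:pos + len(lit)] == lit:
                    hits.append((pos + len(lit), i))
        return sorted(hits)


if __name__ == "__main__":
    sep, shr, pct = area_report(PATTERNS)
    print(f"separate NFA: {sep} states; shared NFA: {shr} states ({pct}% fewer)")
    print("NFA matches:", NfaMatcher(PATTERNS, share=True).scan(PAYLOAD))
    bank = ProgrammableSlots(capacity=4)
    bank.load("DELETE /")
    print("dynamic slot hits:", bank.scan(b"xxDELETE /x"))
```

The sharing here only merges common prefixes; the reduction it reports for these five patterns is a property of this toy rule set and is not the 23.51% figure above. Both compile strategies must report identical matches, which is the check a practitioner would run on any area optimization before trusting it.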