
應用於網路入侵系統之高效能電路可程式化系統晶片設計

A High Performance Circuit Design Applied to Network Intrusion Detection System on a SoPC Platform

Advisor: 黃文吉

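Abstract


This thesis proposes a circuit design that implements a network intrusion detection system in hardware. The main idea is to adopt the shift-or algorithm, using only shift registers, OR gates, and ROM. The overall architecture can be slightly improved by removing the ROM. The proposed hardware circuit has been verified, simulated, and synthesized on an Altera Stratix FPGA. Experimental results show that when processing two characters at a time, the throughput reaches 6.75 Gbits/sec at a hardware cost of 0.7 LE/char. When the circuit processes four characters at a time, the throughput reaches 9.2 Gbits/sec at a hardware cost of 2.75 LE/char. Compared with the existing literature, the proposed hardware circuit achieves higher throughput with fewer hardware resources.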

Parallel Abstract


This thesis introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The central idea of the signature match co-processor is an architecture based on the shift-or algorithm, which uses simple shift registers, OR gates, and ROMs in which the patterns are stored. The architecture can be improved further by removing the ROM. The proposed architecture has been prototyped, simulated, and synthesized on the Altera Stratix FPGA. Experimental results show that the circuit processing two characters at a time attains a throughput of up to 6.75 Gbits/sec with an area cost of 0.7 logic elements (LEs) per character. The circuit processing four input characters at a time achieves a throughput of up to 9.2 Gbits/sec with an area cost of 2.75 LEs per character. Compared with related work, the proposed architecture achieves higher throughput and uses fewer hardware resources in FPGA implementations of NIDS.

Keywords

Network Security; FPGA; String Matching

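Cited By


施映男 (2006). Design of an ultra-high-speed signature matching circuit exceeding 10 Gbps and its application to network intrusion detection systems [Master's thesis, National Taiwan Normal University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0021-0712200716111540
賴正岳 (2007). FPGA hardware circuit implementation of a network intrusion detection system based on the Microblaze processor [Master's thesis, National Taiwan Normal University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0021-2910200810562062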
