網路的蓬勃發展,帶來許多的應用價值,也相對有許多惡意人士透過網路進行入侵,竊取使用者的隱密資訊,甚至破壞系統的運作,從中謀取利益。所以有許多大型機關都會在主要網路閘道上,設置網路入侵偵測防禦系統,來偵測網路流量是否有入侵威脅。但隨著網路的頻寬及速度不斷提高,以及網路駭客的攻擊種類急遽增加,使得入侵偵測技術的要求不斷提高。因此,提升入侵偵測防禦系統的效率儼然成為了一個重要的研究議題。本論文提出了一個結合Snort入侵偵測系統的規則內容比對的架構,將內容比對平行化處理,以提升速度為要求,設計出準確率高的硬體處理器。最後設計出的晶片頻率可達到435MHz,並可以針對5272條Snort rule進行比對,速度及效率比起純軟體執行都有顯著的提升。
The development of network is growing up quickly that accompanied by the many applications and many attacks. For the reason, it is necessary to establish the intrusion detection and prevention systems on the router or switch that can detect and prevent the network intrusions in the large scale institutions. With the increase network bandwidth and the variety of the attack from Internet hacker, the request of the intrusion detection is becoming heavier. Therefore, it is a crucial topic of how to create high efficient intrusion detection and prevention. We design a system that integrate Snort rule content matching and parallelized the architecture of the content matching, focus on the speed up、high accuracy hardware processor. The frequency of our chip design can reach to 435MHz and matching for 5272 Snort rules, the speed and efficiency has significantly improved compared to the software implementation.