跳到主要內容

臺灣博碩士論文加值系統

(3.236.84.188) 您好!臺灣時間:2021/08/06 11:59
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:陳盈村
研究生(外文):Ying-Tsun Chen
論文名稱:網路安全系統之TCAM字串比對架構設計
論文名稱(外文):A Novel Pattern Matching Architecture with TCAM for Network Security System
指導教授:黃能富黃能富引用關係
指導教授(外文):Nen-Fu Huang
學位類別:碩士
校院名稱:國立清華大學
系所名稱:資訊工程學系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2004
畢業學年度:92
語文別:英文
論文頁數:37
中文關鍵詞:入侵偵測系統字串比對三態內容存取記憶體二元內容存取記憶體前置處理器
外文關鍵詞:IDSpattern matchingTCAMBCAMpreprocessor
相關次數:
  • 被引用被引用:0
  • 點閱點閱:143
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
現今網路型入侵偵測系統已經被大量的佈置。特徵比對網路型入侵偵測系統的效能是根據字串比對演算法,將封包內容跟特徵做比對。以軟體實做字串比對的演算法雖然具有較彈性的優點,但其效能卻不盡理想。本論文設計了一個使用TCAM與BCAM為前處理器系統加速字串比對速度。TCAM是一種可儲存三種邏輯值”0”, “1”,“don’t care”的記憶體。特徵的字首被謹慎地結構化後儲存在BCAM與TCAM中。當封包到達時,每個BCAM/TCAM項目將被同時搜尋。所有的封包都會被兩階段的掃描。第一階段,使用BCAM/TCAM快速地指出攻擊可能發生的位置。第二階段,系統才會真正地確認攻擊碼是否存在。根據效能評估,這個架構可以達到multi-gigabits的效能。
Network intrusion detection systems (NIDS) are widely deployed in the past years. The performance of signature-based NIDS depends on the employed string matching algorithms to matching the incoming packets with the pre-defined signature database. Software-based implementation of pattern matching algorithm offers the advantage of flexibility but suffers from the performance problem, especially for the gigabit rate environment. In this thesis, a ternary content addressable memory (TCAM) and binary CAM (BCAM) based preprocessor architecture to accelerate the signature matching is proposed. TCAMs are fully associative memories that allow a “don’t care” state to be stored in each memory cell in addition to 0s and 1s. The prefix of signatures (rules) are structured carefully and stored in BCAM/TCAM. When a packet comes, each BCAM/TCAM entry is looked up in parallel. All packets will be scanned in two pipeline stages. In stage 1, packets are scanned using BCAM/TCAM very fast to indicate where the possible attack codes occur. In stage 2, the system will identify if the attack code truly exists. The performance analysis of the proposed mechanism is also provided, and from the analysis, the proposed architecture can operate at multi-gigabit rate.
[1] Panos C. Lekkas, “Network Processors: Architectures, Protocols and Platforms”, McGraw-Hill, 2003.
[2] McHugh, J., Christie, A, and Allen, J. “Defending Yourself: The Role of Intrusion Detection Systems,” IEEE Software, Vol. 17, Issue: 5, Sept.-Oct. 2000, pp.42–51.
[3] Bo Jiang and Bin Liu “High-Speed Discrete Content Sensitive Pattern Match Algorithm for Deep Packet Filtering”, International Conference on Computer Networks and Mobile Computing (ICCNMC 2003), Shanghai, China, October. 2003, pp.149–156.
[4] Snort: The Open Source Network Intrusion Detection System, http://www.snort.org/
[5] Young H. Cho, Shiva Navab, and William H. Mangione-Smith, “Specialized Hardware for Deep Network Packet Filtering”, Proceedings of FPL 2002, LNCS 2438, pp.452-461.
[6] Nathan Tuck, Timothy Sherwood, Brad Calder, and George Varghese, “Deterministic Memory-Efficient String Matching Algorithms for Intrusion Detection”, IEEE INFOCOM 2004, Hong Kong, China, March 2004.
[7] Mike Fisk and George Varghese, “Applying Fast String Matching to Intrusion Detection”, September 2002. http://public.lanl.gov/mfisk/papers/setmatch-raid.pdf
[8] “Implementing High-Speed Search Applications with Altera CAM”, Altera Application Note 119, July 2001.
[9] Mike Fisk and George Varghese, “Fast Content-Based Packet Handling for Intrusion Detection”, USCD Technical Report CS2001-0670, May 2001.
[10] Y.C. Huang, P. Zhang, and S.L. LI, “Research on Distributed Real Time Network Information Auditing System”, ICICS 2001, Xian, China.
[11] PMC Sierra Inc, “PM2329 ClassPI Network Classification Processor Datasheet”, 2001
[12] IDT Inc, “Classification and Content Inspection Co-Processor”, 2003.
[13] D. Knuth, J. Morris, and V. Pratt, “Fast pattern matching in strings”, SIAM Journal on Computing, 1977, pp.323-350.
[14] B. L. Hutchings, R. Franklin, and D. Carver, “Assisting Network Intrusion Detection with Reconfigurable Hardware”, FCCM02, Napa, California, September 2002.
[15] Vern Paxson, “Bro: A system for detecting network intruder in real-time”, Computer Networks, vol.31, no. 23-24, Dec 1999, pp.2435-2463.
[16] R.S. Boyer and J.S. Moore, “A fast string searching algorithm” Communications of the ACM, 1977, pp.762-772.
[17] R.N. Horspool, “Practical fast searching in strings”, Software - Practice and Experience, 1980, pp.501-506.
[18] A. Aho and M. Corasick, “Efficient string matching: An aid to bibliographic search," Communications of the ACM, Vol. 18, No. 6, June 1975, pp.333-343.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊