(100.26.179.251) 您好!臺灣時間:2021/04/14 06:40
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:施映男
研究生(外文):Ying-Nan Shih
論文名稱:超越10Gbps之超高速特徵比對電路設計及其在網路入侵偵測系統之應用
指導教授:黃文吉黃文吉引用關係
指導教授(外文):Wen-Jyi Hwang
學位類別:碩士
校院名稱:國立臺灣師範大學
系所名稱:資訊工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2007
畢業學年度:95
語文別:中文
論文頁數:69
中文關鍵詞:網路入侵偵測系統FPGA實作高處理效率
外文關鍵詞:Network Intrusion Detection System (NIDS)FPGA implementationHigh throughput
相關次數:
  • 被引用被引用:2
  • 點閱點閱:143
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
  因為在網路發達的科技社會中,網路上的犯罪行為呈現逐日攀升的現象,所以如何去保障大眾在使用網路時的安全,便成了一個很重要的議題。

在眾多的網路安全防護系統中不乏使用軟體或硬體為基礎的系統,但是大多都各有自己的利弊而無法在處理效率與設計時所消耗的資源成本上取得一個兩頭兼顧的平衡點。因此本篇的論文主要是想設計出一套新穎的Network Intrusion Detection System (NIDS),並且以硬體為核心,然後採用FPGA 為設計基礎而加以去實現。

在本論文所提出來的硬體電路設計,可以很輕易的藉由模擬實驗來證明,本論文的電路設計是一個具備著超高處理速度並且在設計過程中只需消耗少量的硬體資源成本,即可快速的以FPGA實現出一套NIDS系統電路。
A novel FPGA-based signature match circuit that can serve as the core of a hardware-based network intrusion detection system (NIDS) is presented in this paper. The circuit is based on simple shift registers and symbol encoders for the efficient signature match in hardware. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems.
附表目錄...................................................vi
附圖目錄..................................................vii

第一章 緒論.................................................1
1.1 研究背景............................................1
1.1.1 惡意程式(Malicious Code)............................1
1.1.2 Network Intrusion Detection System.................4
1.2 研究動機............................................7
1.3 研究目標............................................9
1.4 全文架構............................................9
第二章 理論背景............................................11
2.1 Regular Express...................................11
2.2 Context Addressable Memory (CAM)..................13
2.3 Shift-or Algorithm................................15
第三章 基礎架構電路介紹.....................................19
3.1 ROM-based Architecture............................19
3.2 Symbol Encoder Architecture.......................27
第四章 高效能電路介紹.......................................35
4.1 高效能模組電路.....................................35
4.2 完整超高速電路.....................................44
第五章 實驗數據與效能比較....................................51
5.1 開發平台與實驗環境..................................51
5.2 實驗數據的呈現與討論................................53
第六章 結論................................................67
參考著作...................................................69
[1] SNORT official web site.
http://www.snort.org.

[2] T. Ramirez and C. D. Lo, “Rule Set Decomposition for Hardware Network Intrusion Detection,” in the 2004 International Computer Symposium (ICS 2004), Dec. 15-17, 2004, Taipei, Taiwan, 2004.

[3] M. Gokhale, D. Dubois, A. Dubois, M. Boorman, S. Poole and V. Hogsett, “Granidt: towards gigabit rate network intrusion detection technology,” Proceedings of the International Conference on Field Programmable Logic and Application, pp. 404-413, 2002.

[4] B. L. Hutchings, R. Franklin, and D. Carver, “Assisting network intrusion detection with reconfigurable hardware,” Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp.111-120, 2002.

[5] J. Singaraju, L. Bu and J. A. Chandy, “A signature match processor architecture for network intrusion detection,” Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp.235-242, 2005.

[6] I. Sourdis and D. N. Pnevmatikatos, “Pre-decoded CAMs for efficient and high-speed NIDS pattern matching,” Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 258-267, 2004.

[7] C. Clark and D. Schimmel, “Scalable multi-pattern matching on high speed networks,” Proceedings of the IEEE Symposium on Field- Programmable Custom Computing Machines, pp.249-257, 2004.

[8] J. Moscola, J. W. Lockwood, R. P. Loui and M. Pachos, “Implementation of a Content-Scanning Module for an Internet Firewall,” Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp.31-38, 2003.

[9] R. Baeza-Tates and G.H. Gonnet, “A new approach to text searching,” Communications of the ACM, Vol. 35, pp.74-82, 1992.
[10] H.C. Roan, C.M. Ou, W.J. Hwang and C.T.D. Lo, “Efficient Logic Circuit for Network Intrusion Detection,” Lecture Notes in Computer Science, Vol. 4096, pp.776-784, 2006.

[11] M. Aldwairi, T. Conte and P. Franzon, “Configurable string matching hardware for speeding up intrusion detection,” ACM SIGARCH Computer Architecture News, Vol. 33, pp.99-107, 2005.

[12] Y.H. Cho and W.H. Mangione-Smith, “Deep packet filter with dedicated logic and read only memories,” Proceedings of the IEEE Symposium on Field- Programmable Custom Computing Machines, pp.125-134, 2004.

[13] 阮煥鈞, 應用於網路入侵偵測系統之高效能電路可程式化系統晶片設計, 國立台灣師範大學資訊工程研究所碩士論文, 94學年度。

[14] ALTERA official web site.
http://www.altera.com
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
系統版面圖檔 系統版面圖檔