Author: 高志誠
Author (English): Chih-Cheng Kao
Title: 應用於Snort Rule之平行比對病毒偵測系統
Title (English): The Virus Detection System with Parallel Pattern-Matching for Snort Rule
Advisor: 朱元三
Advisor (English): Yuan-Sun Chu
Committee members: 吳承崧、蕭勝夫、陳中和
Committee members (English): Cheng-Shong Wu, Shen-Fu Hsiao, Chung-Ho Chen
Defense date: 2011-07-27
Degree: Master's
Institution: National Chung Cheng University (國立中正大學)
Department: Graduate Institute of Electrical Engineering
Discipline: Engineering
Field: Electrical and information engineering
Thesis type: Academic thesis
Year of publication: 2011
Academic year of graduation: 99 (ROC calendar, academic year 2010-2011)
Language: Chinese
Pages: 55
Keywords (Chinese): 入侵偵測系統 (intrusion detection system), 病毒偵測 (virus detection)
Keywords (English): IDS, Virus detection, Snort rule
Abstract (Chinese, translated): With the rapid growth of the Internet in recent years, enormous commercial opportunities have opened up for people, the economy and society, but network security has also come under severe challenge. Virus detection, firewalls and intrusion detection technology arose in response, to protect the flow of information on the network, and as network technology has kept developing the intrusion detection system has become an indispensable part of the network security architecture. However, as network bandwidth and speed keep rising and the variety of attacks from hackers grows sharply, the demands placed on intrusion detection keep increasing; according to the anti-virus software tests conducted by the AV-Comparatives laboratory in 2010, some products had a misclassification rate above 10%. Improving the efficiency of intrusion detection systems has therefore become an important research topic.
Software processing speed is gradually failing to keep up with network traffic: a test by the Taiwan network test center found that every 8 Mbits took 0.1742 seconds to process, while our daily traffic is thousands of times larger. This thesis proposes an architecture that integrates the rule-content matching of the Snort intrusion detection system and parallelizes the content matching, taking speed as the requirement while designing a hardware processor with high accuracy. The resulting chip can run at 453 MHz and match against more than 4020 Snort rules, a significant improvement in speed and efficiency over pure-software execution.

Abstract (English): The Internet has undergone explosive growth in recent years, bringing boundless opportunity to human society, the economy and culture, but at the same time presenting severe challenges to information network security. People use anti-virus software, firewalls and intrusion detection technology to secure their networks, and with the rapid advance of network technology the intrusion detection system has become a necessary part of the network security architecture. As network bandwidth increases and the variety of attacks from hackers grows, the demands on intrusion detection become heavier. According to the anti-virus software tests run by the AV-Comparatives laboratory in 2010, some products had a misclassification rate above 10%. How to build highly efficient intrusion detection is therefore a crucial topic. Software processing time is gradually unable to keep up with network traffic: a Taiwan network transmission test center measured 0.1742 s per 8 Mbits of packet stream, while our daily Internet usage is more than thousands of times that. We design a system that integrates Snort rule content matching and parallelizes the content-matching architecture, targeting a fast, high-accuracy hardware processor. Our chip design reaches a frequency of 453 MHz and matches against over 4020 Snort rules; speed and efficiency are significantly improved compared with the software implementation.
Table of contents:
Acknowledgements i
Chinese abstract ii
English abstract iii
Table of contents iv
List of figures vi
List of tables vii
Chapter 1 Introduction 1
1.1 Overview of the current situation 1
Chapter 2 Background 4
2.1 Intrusion detection systems 4
2.1.1 Intrusion detection system 6
2.1.2 Intrusion prevention system 6
2.2 Snort 9
2.2.1 The Snort system 9
2.2.2 Snort rules 11
2.3 Viruses 12
2.4 Related work 13
Chapter 3 System architecture 19
3.1 Design flow 19
3.1.1 Header matching system 25
3.1.2 Parallel content matching system 27
3.2 Hash function 29
3.3 Single-dimension search filter
3.3.1 Basic principle 32
3.3.2 Search method of the single-dimension search filter 33
3.4 Detailed operation flow of the single-dimension search filter 35
3.4.1 Write flow 36
3.4.2 Query flow 37
3.4.3 Update flow 38
Chapter 4 Implementation 40
4.1 Hardware architecture 40
4.2 Header matching system 41
4.3 Parallel content matcher 45
4.4 Functional testing 48
4.5 Performance analysis 49
Chapter 5 Conclusion 51
References 52
