(3.238.173.209) 您好!臺灣時間:2021/05/16 19:33
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

: 
twitterline
研究生:蘇延麟
研究生(外文):Su, Yanlin
論文名稱:應用於網路入侵偵測防禦系統之管線化樣式比對晶片設計
論文名稱(外文):Pipelined Pattern Matching Chip Design for Network Intrusion Detection and Prevention System
指導教授:朱元三
指導教授(外文):Chu, Yuansun
口試委員:侯廷昭陳中和蕭勝夫
口試委員(外文):Hou, TingchaoChen, ChunghoHsiao, Shenfu
口試日期:2011/07/27
學位類別:碩士
校院名稱:國立中正大學
系所名稱:電機工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2011
畢業學年度:99
語文別:中文
論文頁數:45
中文關鍵詞:網路入侵偵測防禦系統SnortNetFPGABloom Filter
外文關鍵詞:Intrusion Detection and Prevention SystemSnortNetFPGABloom Filter
相關次數:
  • 被引用被引用:0
  • 點閱點閱:165
  • 評分評分:
  • 下載下載:1
  • 收藏至我的研究室書目清單書目收藏:0
網路的蓬勃發展,帶來許多的應用價值,也相對有許多惡意人士透過網路進行入侵,竊取使用者的隱密資訊,甚至破壞系統的運作,從中謀取利益。所以有許多大型機關都會在主要網路閘道上,設置網路入侵偵測防禦系統,來偵測網路流量是否有入侵威脅。也因為如此,像路由器、交換器之類的網路閘道設備架設系統,就必須擁有線速率(line rate) 的頻寬,倘若入侵偵測防禦系統無法達到線速率或更快的處理速率,將會造成網路頻寬的瓶頸。在本論文中,提出一套網路入侵偵測與防禦功能的系統,實現了與Snort與NetFPGA之軟硬體協同設計,具有高彈性與偵測高效率的特色。在硬體部分以管線化的Bloom Filter架構加上分散式的規則處理,減少規則過於集中,造成偵測準確度的問題。實際上也用ASIC設計的方式在APR階段可達到495 MHz的速度,足以應付外來流量的處理,而不會造成網路流量的瓶頸。
The development of network is growing up quickly that accompanied by the many applications and many attacks. For the reason, it is necessary to establish the intrusion detection and prevention systems on the router or switch that can detect and prevent the network intrusions in the large scale institutions. If the speed of intrusion detection and prevention system is not faster than or equal to line rate, it is become to the bottleneck of network bandwidth. In this thesis, we proposed an intrusion detection and prevention system. It is a hardware software co-design implementation with NetFPGA and Snort. With this feature, it is high flexibility and high detection efficiency. The core of hardware architecture is the pipelined Bloom Filters with separation of rule sets, so it can be avoid the high density of rule spaces that reduce the accuracy of matching. In the practical design, we also implement the chip with ASIC flow. In the APR stage, it can run up to 495 MHz. Our proposed design can deal with the needs of high speed without the bottleneck of network bandwidth.
誌謝辭 v
中文摘要 vi
英文摘要 vii
目錄 viii
圖目錄 ix
表目錄 xi
第一章 簡介 1
1.1 緒論 1
1.2 動機 3
1.3 論文結構 5
第二章 理論背景 6
2.1 入侵偵測防禦系統 (Intrusion Detection and Prevention System) 6
2.2 Snort 11
2.3 相關研究 16
第三章 系統流程與架構 24
3.1 軟硬體整合之系統架構 24
3.2 設計考量 27
3.3 硬體設計流程 30
第四章 系統實作 33
4.1 Pipelined Bloom Filter設計與實作 33
4.2 NetFPGA平台實作 38
第五章 晶片實作結果與比較 40
第六章 結論 42
參考文獻 43

[1] Symantec, “Symantec Global Internet Security Threat Report Trends for 2009”, Published 2010
[2] Snort Web Page: http://www.snort.org/
[3] ClamAV Web Page: http://www.clamav.net/
[4] Ali A. Ghorbani, Wei Lu, Mahbod Tavallaee, “Network Intrusion Detection and Prevention”, Springer Published 2010
[5] DEFCON Packet Trace : http://cctf.shmoo.com/data/
[6] PCRE : http://www.pcre.org/
[7] Haoyu Song, Todd Sproull, Mike Attig, John Lockwood, “Snort Offloader: A Reconfigurable Hardware NIDS filter”, Field Programmable Logic and Applications (FPL) 2005
[8] Chang-Ching Yang, Chen-Mou Chen, Sheng-De Wang, “Two-phase Pattern Matching for Regular Expression in Intrusion Detection Systems”, Journal of Information Science and Engineering(JISE) 2010
[9] Aho Alfred V., Ravi Sethi, Jeffrey D. Ullman, Monica S. Lam, “Compilers: Principles, Techniques, and Tools 2nd Edition”, Prentice Hall Published 2006
[10] C. L. Hayes, Y. Luo, “DPICO: A High Speed Deep Packet Inspection Engine Using Compact Finite Automata”, Architecture for Network and Communications Systems(ANCS) 2007
[11] Sidhu R., Prasanna V.K., “Fast Regular Expression Matching Using FPGAs”, Field-Programmable Custom Computing Machine(FCCM) 2001
[12] Joao Bispo, Ioannis Sourdis, Joao M.P.Cardoso, Stamatis Vassiliadis, “Regular Expression Matching for Reconfigurable Packet Inspection”, Field Programmable
Technology(FPT) 2006
[13] Abhishek Mitra, Walid Najjar, Laxmi Bhuyan, “Compiling PCRE to FPGA for Accelerating SNORT IDS”, Architecture for Network and Communications Systems(ANCS) 2007
[14] Le Hoang Long, Tran Trung Hieu, Vu Tan Tai, Nguyen Hoa Hung, Tran Ngoc Thinh, Dinh Duc Anh Vu, “Enhanced FPGA-based Architecture for Regular Expression Matching in NIDS”, Electrical Engineering/Electronics Computer Telecommunications and Information Technology(ECTICON) 2010
[15] Hiroki Nakahara, Tsutomu Sasao, Munehiro Matsuura, “A Regular Expression Matching Using Non-Deterministic Finite Automaton”, Formal Methods and Models for Codesign(MEMOCODE) 2010
[16] Young H. Cho, William H. Mangione-Smith, “Deep Packet Filter with Dedicated Logic and Read Only Memorires”, Field-Programmable Custom Computing Machine(FCCM) 2004
[17] Yeim-Kuan Chang, Ming-Li Tsai, Yu-Ru Chung, “Multi-Character Processor Array for Pattern Matching in Network Intrusion Detection System”,International Conference on Advanced Information Networking and Applications(AINA) 2008
[18] Sarang Dharmapurikar, Praveen Krishnamurthy, Todd Sproull, John Lockwood, “Deep Packet Inspection using Parallel Bloom Filters”, Micro, IEEE 2004
[19] M. V. Ramakrishna, E. Fu, E. Bahcekapili, “A Performance Study of Hashing Functions for Hardware Application”, International Conference on Computing and Information(ICCI) 1994

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top