王勝德Wang, Sheng-De臺灣大學:電機工程學研究所楊滔Ieong, TouTouIeong2010-07-012018-07-062010-07-012018-07-062008U0001-0808200816551100http://ntur.lib.ntu.edu.tw//handle/246246/187970網路安全偵測系統（Network Intrusion detection system）收集已知的網路攻擊的特徵碼（signatures）針對封包內容和特徵碼做樣式比對（Pattern Matching），保護我們的網路環境。特徵碼通常以正規表達式（Regular Expressions）表示，在偵測系統中樣式比對功能佔用了大量的計算時間。為了保持網路的運作速度，硬體加速器被應用在網路安全偵測系統上。在本論文中，我們延伸 H-cFA成為Bitmap H-cFA，它利用位元對應的方式記錄走過的狀態，透過History buffer 記錄重覆次數，從而減少總狀態數。Bitmap H-cFA不管保持了H-cFA 的少記憶體特性，同時增加支援的正規表達式格式，建立一個更一般化的樣式比對引擎。我們同時提出一個硬體加速封包處理平台，它提供在FPGA上測試樣式比對智財 (IPs)。它包括封包擷取器和 TCP標頭分析器，它提供很容易的整合樣式比對引擎測試整個系統。我們在Xilinx ML405 FPGA 開發板上實作了封包處理平台和樣式比對引擎，最後得到231 Mbps 的處理流量。A Network Intrusion Detection System (NIDS) collects known signatures of network threats and carries out pattern matching between packet payload and signatures to protect our network. Signatures are often represented by regular expressions and pattern matching occupied most of computing time in an NIDS. To keep the network operating at full speed, hardware accelerators are used in pattern matching. In this thesis, we extended the History based Counting Finite Automaton (H-cFA) to Bitmap H-cFA, which used a bitmap data structure to store the "walked" states and recorded the repeat count in a history buffer to reduce the total number of states in finite automata. Bitmap H-cFA not only kept the low memory characteristic but also provided more support in regular expression formats, making a more generalized pattern matching engine. We also presented a hardware accelerated packet processing platform, which allowed pattern matching intellectual properties (IPs) to be tested in FPGA. The proposed packet processing platform consisted of a packet payload extractor and a TCP packet header parser. It could easily be integrated with a pattern matching engine to test the system. We implemented the proposed packet processing platform and the pattern matching engine in a Xilinx ML405 FPGA development board and obtained a processing throughput of 231 Mbps.誌謝 i要 iibstract iiiontents ivigures viables viihapter 1 Introduction 1.1 Background 1.2 Contributions 3.3 Thesis Organization 3hapter 2 Related Work 5.1 String Matching Hardware Architectures 5.2 Implementation of Regular Expressions 6.3 Network Platform 7hapter 3 Bitmap H-cFA 8.1 Introduction of H-FA and H-cFA 8.2 Motivation 11.3 Examples of Bitmap H-cFA 12.4 Data structure of Bitmap H-cFA 15.5 Work Flow 16.6 Evaluation 20hapter 4 Network Offload Engine 21.1 Motivation 21.2 Design Considerations 22.3 Modules Description 24.3.1 Retriever Module 24.3.2 Header Parser Module 25.3.3 Pattern Matching Module 25.3.4 Central Controller Module 26.4 Buffers Description 27.5 Data Flow 28.6 Characteristics 29hapter 5 Implementation Results 32.1 FPGA Development Board 32.2 System Architecture 33.3 Implementation Details 34.4 Synthesis Result 35.5 Performance Estimation 38.6 System Performance 40hapter 6 Conclusions and Future Work 42.1 Conclusions 42.2 Future Work 43eferences 441024449 bytesapplication/pdfen-US樣式比對正規表示式封包處理平台Pattern MatchingRegular ExpressionsPacket Processing Platformthesishttp://ntur.lib.ntu.edu.tw/bitstream/246246/187970/1/ntu-97-R95921090-1.pdf