    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/49015


    Title: Using NetFPGA to Implement Integrated NFA and AC Algorithms for Network Based Intrusion Detection Systems
    Author: Jing-han Shiu (許景涵)
    Contributor: Graduate Institute of Information Management
    Keywords: Snort; NIDS; NetFPGA; NFA; Bloom filter; AC
    Date: 2011-08-11
    Upload time: 2012-01-05 15:13:15 (UTC+8)
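    Abstract: In recent years, because every sector of society depends on the normal operation of computers and networks, network and computer security has received increasing attention. A signature-matching network intrusion detection system (NIDS) can filter out packets containing malicious signatures before they reach the host, so it is often regarded as a line of defense for network protection. An intrusion detection system implemented in software has limited signature-matching performance and cannot cope with Gbps-class network bandwidth. This research therefore uses NetFPGA to implement the signature-matching function of a NIDS, so that matching performance can sustain Gbps network traffic. However, because the number of malicious-code signatures grows year by year, storing all malicious signatures in a single FPGA chip is becoming increasingly difficult. This research therefore proposes a system architecture in which the FPGA and software protect jointly: when the rules cannot all be stored in a single FPGA chip, some can be offloaded to a software-based intrusion detection system for matching. This design is an architecture that past research has not attempted. This research also applies Bloom filters to develop a traffic filter that filters out normal packets, reducing the number of packets the software-based intrusion detection system must process and lowering the chance of a performance bottleneck. In addition, past research has often used only a single FPGA resource to store signature rules; once that hardware resource is exhausted, no other resource can be used to store more signature rules. This research therefore uses a new design concept in its algorithm design, combining the NFA and AC algorithms so that storage of signature strings can be distributed across two kinds of resources on the FPGA chip, CLBs and BRAMs. Experiments confirm that 2451 Snort rules (57630 bytes in total) can be stored on NetFPGA, making more effective use of the resources on the FPGA chip.
    In modern society, all walks of life rely on the functioning of computers and networks; therefore, computer and network security is becoming more and more important. To avoid damage to property, Network Intrusion Detection Systems (NIDS) are regarded as an indispensable device for network security. However, a software-based NIDS, such as Snort, cannot sustain adequate protection when the system meets high network flow on a Gbps network. For this reason, this research focuses on the design of a high-performance intrusion detector and implements the functions of a NIDS on NetFPGA. However, with the growing number of signatures, it is getting more difficult to store all the necessary signatures in a single FPGA's on-chip resources. Therefore, this research proposes a system architecture combining an FPGA and a software-based NIDS to offer a complete signature set. Once the signatures cannot all be stored in a single FPGA, some signatures can be distributed to the software-based NIDS and matched by it later. This is a fresh system architecture that has not been tried before. Because of the performance issue, this research developed a Normal Traffic Filter (NTF) using Bloom filters to offload the software-based NIDS.
    In addition, this research proposes a brand-new design concept that combines the NFA and AC algorithms for storing the signatures in two different on-chip resources (CLBs and BRAMs); this method can store more signatures by distributing them across CLBs and BRAMs. Experiments showed that this novel algorithm can store 2451 Snort rules (57630 bytes in total) without exhausting the on-chip resources on NetFPGA.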
    Appears in category: [Graduate Institute of Information Management] Master's and doctoral theses
