近年來因為社會各業仰賴電腦及網路的正常運作,因此網路及電腦安全越來越受到重視。基於特徵比對的網路型入侵偵測系統可以在封包到達主機前過濾掉含有惡意特徵之封包,因此經常被視為網路防護的防線。以軟體實作之入侵偵測系統比對特徵之效能有限,無法負荷於Gbps等級之網路頻寬。因此本研究使用NetFPGA實作網路型入侵偵測系統的特徵比對功能,讓入侵偵測的比對效能可以承擔Gbps的網路流量。然而由於惡意程式碼特徵數逐年增長,在單一FPGA晶片中儲存全部的惡意特徵顯得越來越困難。因此本研究提出結合FPGA及軟體共同防護的系統架構,當規則數無法儲存於單一FPGA晶片時,可將其分擔至軟體型入侵偵測系統上比對,此設計為過去研究未曾嘗試的架構,並且本研究應用布隆過濾器,開發過濾正常封包的流量過濾器,用於減少軟體型入侵偵測系統的封包處理量,以降低效能瓶頸出現的機會。此外過去研究往往僅使用FPGA中單一資源儲存特徵規則,當單一硬體資源耗竭後,無法使用其他資源儲存更多的特徵規則。因此本研究在演算法設計時使用嶄新的設計概念,結合NFA及AC的演算法,讓特徵字串的儲存可以分配到FPGA晶片上CLB及BRAMs兩種資源中,經實驗證實可以在NetFPGA上儲存2451條Snort規則 (共57630位元組),更加有效的利用FPGA晶片上之資源。 In modern society, all walks of life rely on the function of computers and networks, therefore, the computer and network security are becoming more and more important. For avoiding the damage of property, Nework Intrusion Detection Systems (NIDS) are regarded as an indispensable device for network security. However, the software-based NIDS, such as Snort, cannot sustain well protection when the systems meet high network flow under Gbps network. For this reason, this research focuses on the design of high performance intrusion detector and implements the functions of NIDS on NetFPGA. But the growing number of signature, it’s getting more difficult to store all the necessary signatures in single FPGA on-chip resource. Therefore this research proposes a system architecture combining FPGA and software-based NIDS for offering complete signature set. Once the signatures cannot be stored in single FPGA, some signature can be distributed to software-based NIDS and be matched by the software-based NIDS later. This is a fresh system architecture that has not been tried. Because of performance issue, this rearch developed a Normal Traffic Filter (NTF) by using Bloom filters to offload software-based NIDS. Besides, this research proposes a brandnew design concept that combines the NFA and AC algorithms for storing the signatures in two different on-chip resources (CLB and BRAMs); this method can store more signatures by distributing signatures to CLB and BRAMs. Experiments showed that this novel algorithm can store 2451 snort rules (total 57630 bytes) without consuming up on-chip resource on NetFPGA.