利用決策樹改善以 FPGA 為基礎之入侵偵測系統資源利用

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：47

、訪客IP：3.144.232.79

姓名

魏雅笛(Ya-Ti Wei) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

利用決策樹改善以 FPGA 為基礎之入侵偵測系統資源利用
(Using Decision Trees to Improve Resource Utilization on FPGA-based Network Intrusion Detection System)

相關論文

★ 應用數位版權管理機制於數位影音光碟內容保護之研究	★ 以應用程式虛擬化技術達成企業軟體版權管理之研究
★ 以IAX2為基礎之網頁電話架構設計	★ 應用機器學習技術協助警察偵辦詐騙案件之研究
★ 擴充防止詐欺及保護隱私功能之帳戶式票務系統研究-以大眾運輸為例	★ 網際網路半結構化資料之蒐集與整合研究
★ 電子商務環境下網路購物幫手之研究	★ 網路安全縱深防護機制之研究
★ 國家寬頻實驗網路上資源預先保留與資源衝突之研究	★ 以樹狀關聯式架構偵測電子郵件病毒之研究
★ 考量地區差異性之隨選視訊系統影片配置研究	★ 不信任區域網路中數位證據保留之研究
★ 入侵偵測系統事件說明暨自動增加偵測規則之整合性輔助系統研發	★ 利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究
★ 一種網頁資訊擷取程式之自動化產生技術研發	★ 應用XML/XACML於工作流程管理系統之授權管制研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

網路的應用對於目前個人及企業越來越重要，網路的頻寬也不斷的成長，網
路入侵測系統基於特徵比對便成為個人及企業不可或缺的基礎防謢。然而目前入
侵偵測系統大多架設在軟體的架構之上，越來越無法應付目前網路現況；相反地，
硬體具有高速及帄行比對能力，能夠進行快速的比對，尤其 FPGA 能重覆燒錄及
快速製作雛型，相當合適設計入侵偵測系統。但 FPGA 內所能使用的資源有限，
而特徵資料庫卻需要不斷的更新及擴張，故本研究基於以上動機，利用 FPGA 設
計入侵偵測系統，以決策樹處理規則的標頭，再依規則標頭比對架構建置多字串
比對群組來進行封包內容的比對。本研究提出的架構帄均可以降低 56%的電路資
源使用率，故能擁有更多資源來擴充新的規則，具有可擴張性，而且採用多字串
比對群組，可以使用特徵字串帄行比對增加效能，實驗証明本系統架構可以使用
較少的資源，且較其它 FPGA 設計更具效能。

摘要(英)

As network services become more and more important in our society, the demand
for network security systems is increasing. Network intrusion detection systems (NIDS)
provide an effective and secure solution to the network attacks and are widely used in
enterprises. Many NIDSs, such as Snort, are based on software, so their processing
speeds are much slower than wire-speed. FPGA technology has properties which are
high speed string matching and reprogrammable, but the resources in FPGA are limited
while the database of signatures has become very large and keeps growing.
In this thesis we use decision tree to improve the utilization of resources when
implementing NIDS on FPGA. The system uses decision tree to process the rule
header to reduce resource requirements. Rule options are organized to multiple string
matching groups according to the matching results of rule header. We implement an
IDS circuit that process 1023 Snort rules at FPGA. The experimental results show
that the system can reduce the average of resource by 56%.
In addition, we develop a tool to automatically generate the Verilog HDL source
code of the IDS circuit from a Snort rule set. Using the FPGA and the IDS circuit
generator, the proposed system is able to update the matching rule corresponding to
new intrusion and attacks.

關鍵字(中)

★ 入侵偵測系統
★ 非決定性有限狀態自動機
★ 決策樹
★ 現場可規劃邏輯閘陣列

關鍵字(英)

★ Network intrusion detection systems (NIDS)
★ Decision tree
★ NFA
★ FPGA

論文目次

中文摘要 I
英文摘要 II
圖目錄 V
表目錄 VII
第一章緒論 …………………………….. 1
1.1 研究背景 1
1.2 研究動機與目的 3
1.3 研究方法及定義 5
1.4 研究貢獻 5
1.5 章節架構 6
第二章相關研究 7
2.1 FPGA簡介 7
2.1.1 FPGA設計流程 8
2.1.2 FPGA實作開發 10
2.1.3 FPGA效能評估 10
2.2 規則標頭 14
2.2.1 基於軟體架構的標頭比對 14
2.2.2 基於FPGA的標頭比對 16
2.3 基於FPGA特徵字串比對 20
2.4 基於FPGA之入侵偵測系統研究 21
2.5 相關研究比較 23
第三章系統架構及設計 25
3.1 系統架構 25
3.2標頭比對電路 (Header compare circuit ) 27
3.2.1 樹狀規則標頭比對建置 28
3.2.2 規則標頭比對電路設計 31
3.3 字串比對電路(String matching circuit ) 35
3.3.1 多字串群組的建置 35
3.3.2 字串比對電路設計 37
3.4 自動化電路產生工具 38
第四章實驗與討論 41
4.1 實驗環境 41
4.2 實驗架構 42
4.3 實驗與討論 46
4.3.1 四模型架構的效能和資源利用分析 47
4.3.2 不同規則數目下效能及資源利用分析 48
4.3.3 不同規則集合分析 51
4.4 實驗小結 54
第五章結論及未來研究 55
5.1 研究結論與貢獻 55
5.2 未來研究 55
參考文獻 57

參考文獻

中文參考文獻：
[李洪偉等 2006] 李洪偉，袁斯華，基於Quartus II的FPGA/ CPLD設計，電子工業出版社，北京， 2006。
[黃威智 2006] 黃威智，在可程式化系統晶片中實現網路入侵偵測系統之高效能封包分類與比對電路，國立臺灣師範大學碩士論文， 2006。
[鄭信源 2007] 鄭信源，Verilog硬體描述語言數位電路-設計實務，儒林出版社，台灣，2007。
英文參考文獻：
[BEG 1992] Ricardo A. Baeza-yates, Blanco Encalada, and Gaston H. Gonnet, “A new approach to text searching.Commun,” Proceedings of the 12th annual international ACMSIGIR conference on Research and development in information retrieval, Vol.23, 1992.
[CC 2003] SchimmelR. Clark and David E.Christopher, “Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns,” Field-programmable Logic and Applications, Vol.2778, P.956-P.959, 2003.
[CS 2004] Clark C. R. and Schimmel D.E., “Scalable pattern matching for high speed networks,” Proceedings of the 12th Annual IEEE Symposium on Field- Programmable Custom Computing Machines, P.249-P.258, 2004.
[DPP 2005] Vassilis Dimopoulos, Giorgos Papadopoulos, and Dionisios Pnevmatikatos, “On the Importance of Header Classification in HW/SW Network Intrusion Detection System,” Springer-Verlag Berlin Heidelberg, Vol.3746, P.661-671, 2005.
[Golson 2006] Steve Golson, “One-hot state machine design for FPGAs,” Proceedings of the 3rd PLD Design Conference, 1993.
[HFC 2002] B. L. Hutcchings, R. Franklin, and D. Carver, “Assisting network intrusion detection with reconfigurable hardware,” Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, P.111-P.120, 2002.
[JP 2009] Weriong Jiang and Viktor K. Prasanna, “Large-Scale Wire-Speed Packet Classification on FPGAs,” Proceeding of the ACM/SIGDA international symposium on Field programmable gate arrays, P.219-P.228, 2009.
[KMTY 2004] Toshihiro Katashita, Atusi Madeda, Kenji Toda, and Yoshinori Yamaguchi, “Highly Efﬁcient String Matching Circuit for IDS with FPGA,” Proceedings of the 14th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, P.285-P.286, 2004.
[Kilt 2007] KiltsSteve, “Advanced FPGA Design - Architecture, Implementation, and Optimization,” WILEY, 2007.
[KT 2003] Christopher Kruegel and Tomas Toth, “Using Decision Trees to Improve Signature-Based Intrusion Detection,” Proceedings of the 6th International Workshop on the Recent Advances in Intrusion Detection, Vol.2820, P.173-P.191, 2003.
[KYMT 2007]Toshihiro Katashita, Yoshinori Yamaguchi, Atusi Madeda, and Kenji Toda, “FPGA-Based Intrusion Detection System for 10 Gigabit Ethernet,” The Institute of Electronics, Information and Communication Engineers Vol. E90-D, No.12 , 2007.
[NMCZ 2007] Ramanathan NarayananHonbo, Gokhan Memik, Alok Choudhary, Joseph ZambrenoDaniel, “An FPGA implementation of decision tree classification National Science Foundation,” Design, Automation & Test in Europe Conference & Exhibition, 2007.
[Quinlan 1986] J.R. Quinlan, “Induction of Decision Trees,” Maachine Learing, Vol.1, P.81-106, 1986.
[RL 2004] T. Ramirez, C. D. Lo, “Rule Set Decomposition for Hardware Network
Intrusion Detection,” International Computer Symposium, Taipei, Taiwan, 2004.
[SC 2004] J. SingarajuBu and J. A. ChandyL, “A signature match processor architecture for network intrusion detection,” Proceedings of the IEEE Symposium on Field Programmable Custom Computing Machines, 2004.
[SL 2003] Haoyu Song and John W. Lockwood, “Efficient packet classification for network intrusion detection using FPGA,” Proceedings of the 2005 ACM/SIGDA 13th International Symposium on Field-programmable Gate Arrays, P.235-P.242, 2003.
[SP 2001] Reetinder Sidhu and Viktor K. Prasanna, “Fast regular expression matching using FPGAs,” Proceedings of the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, P.227-P.238, 2001.
[TLSP 2003] D. TaylorTurner, J. Lockwood, T. Sproull, and D. ParlourJ, “Scalable IP Lookup for Internet Routers,” IEEE Journal on Selected Areas in Communications, Vol.21, 2003.
[Taylor 2004] David E. Taylor, “Survey and Taxonomy of Packet Classification Techniques,” ACM Computing Surveys, Vol.37, P.238-P.275, 2004.
[WPG 2007] Nicholas Weaver, Vern Paxson, Jose M Gonzalez, “The Shunt: An FPGA-Based Accelerator for Netwrok Intrusion Prevention,” International Symposium on Field Programmable Gate Arrays, P.199-P.206, 2007.
[WMC 2006] Greg Watson, Nick McKeown and Martin Casado, “NetFPGA: A Tool for Network Research and Education,” In 2nd workshop on Architectural Research using FPGA Platforms, 2006
相關網站：
[TWNI] TWNIC-台灣網路資訊中心網路使用調查, 2009.
[網際星空] 網際星空- Quartus教學, http://home.educities.edu.tw/oldfriend/, 2009年6月擷取.
[蘇建中 2003] 蘇建中, Snort Tracing and Implementation程式追踨與模組實作指引, 網路電子文件, http://ismp.csie.ncku.edu.tw/~succ/handmade/docs/linux/snort_trace.pdf , 2009年6月擷取.
[ALTE] Altert, http://www.altera.com/.
[MODE] ModelSim, http://www.model.com/.
[QHV 2009] Quartus II Handbook Version 9.0, Altera, access at June, 2009。
[SGIS] Symantec Global Internet Security Threat Report, http://www.symantec.com/business/theme.jsp?themeid=threatreport, access at June, 2009.
[SNOR] SNORT, http://www.winsnort.com/.
[SDFD 2007] Stratix II Device Family Data Sheet, Altera, access at June, 2009.
[TIA] The ID3 Algorithm, http://www.cise.ufl.edu/~ddd/cap6635/Fall-97/Short-papers/2.htm, , access at June, 2009.

指導教授

陳奕明(Yi-Ming Chen)

審核日期

2009-7-17

推文