以NetFPGA實作結合布隆過濾器與改良式Karp Rabin演算法之網路惡意封包偵測器

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：43

、訪客IP：3.144.35.234

姓名

朱彥豪(Yan-Hao Chu) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

以NetFPGA實作結合布隆過濾器與改良式Karp Rabin演算法之網路惡意封包偵測器
(Using NetFPGA to Implement Bloom Filter And Modified Karp Rabin Algorithm Based Network Intrusion Detector)

相關論文

★ 應用數位版權管理機制於數位影音光碟內容保護之研究	★ 以應用程式虛擬化技術達成企業軟體版權管理之研究
★ 以IAX2為基礎之網頁電話架構設計	★ 應用機器學習技術協助警察偵辦詐騙案件之研究
★ 擴充防止詐欺及保護隱私功能之帳戶式票務系統研究-以大眾運輸為例	★ 網際網路半結構化資料之蒐集與整合研究
★ 電子商務環境下網路購物幫手之研究	★ 網路安全縱深防護機制之研究
★ 國家寬頻實驗網路上資源預先保留與資源衝突之研究	★ 以樹狀關聯式架構偵測電子郵件病毒之研究
★ 考量地區差異性之隨選視訊系統影片配置研究	★ 不信任區域網路中數位證據保留之研究
★ 入侵偵測系統事件說明暨自動增加偵測規則之整合性輔助系統研發	★ 利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究
★ 一種網頁資訊擷取程式之自動化產生技術研發	★ 應用XML/XACML於工作流程管理系統之授權管制研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

隨著網際網路的蓬勃發展，在網路上的應用也日益增多，相對的網路安全問題也隨著網路的普及越來越受到重視，基於特徵比對之網路型入侵偵測系統便成為不可或缺的基礎防護。然而目前網路型入侵偵測系統大多實作於軟體之上，相對於網路進入高速傳輸的今日已不敷使用，且酬載內容比對相較於標頭比對需要較多的計算量，也成為軟體比對的瓶頸。本研究以史丹佛大學與Xilinx合作開發的NetFPGA平台設計網路惡意封包偵測器以達到快速比對效果，雖然在FPGA上設計之IC具有快速、平行比對、與快速雛型化之特性，但該平台所能使用的資源有限，而特徵資料庫需要不斷的更新以達到比對成效，故本研究以決策樹檢測封包之標頭節省電路資源消耗，再依標頭比對之架構建置多字串比對群組來進行封包酬載之比對，並且在每個字串群組以布隆過濾器濾掉沒有惡意嫌疑的酬載內容，並以改良式Karp-Rabin演算法降低布隆過濾器存有之誤報率且達到多比對之效果，本研究經由實驗證明此設計的確可以較少的資源利用達到快速且有效之比對結果。

摘要(英)

Also day by day increases along with Internet’’s rapid development in network’’s application, the relative network security problem also more and more receives along with network’’s popularization takes seriously, compared to then becomes the indispensable foundation protection based on the characteristic to it network intrusion detector. However present network intrusion detector is mostly solid does above the software, is opposite enters high speed transmission in the network today to use insufficiently, and the payload content need more computation loads, it also becomes the software compares to the bottleneck. This research using FPGA platform design network intrusion detector achieves by the Standford University and Xilinx cooperate development’’s NetFPGA fast compared to the effect, although IC of design has fast on FPGA , but this platform can use the resources are limited, therefore this research saves the resources consumption by decision tree examine header, depends on it to establish the multi-strings group again to it construction to carry on ratio of the payload to the group to be more right than, and filters out the payload in each string groups by the Bloom Filter which does not have suspicion, and the improvement Karp-Rabin Algorithm calculating method reduces the Bloom Filter to have the rate of false alarm, and achieves multi-matching to it effect, this research by way of the experiment proved that this design indeed may the few resources use achieve fast and the effective ratio to the result.

關鍵字(中)

★ NetFPGA
★ 布隆過濾器
★ 入侵偵測系統
★ 改良式Karp-Rabin演算法

關鍵字(英)

★ Intrusion Detection
★ NetFPGA
★ Modified Karp Rabin Algorithm
★ Bloom Filter

論文目次

中文摘要...................................................................................................................i
英文摘要..................................................................................................................ii
圖目錄.................................................................................................................. v
表目錄................................................................................................................vii
第一章緒論.......................................................................................................... 1
1.1 研究背景.........................................................................................................................1
1.2 研究動機與目的..............................................................................................................3
1.3 布隆過濾器簡介..............................................................................................................6
1.4 KarpRabin演算法簡介....................................................................................................6
1.5 研究貢獻.........................................................................................................................7
1.6 章節架構.........................................................................................................................7
第二章相關研究.................................................................................................. 8
2.1 基於FPGA之酬載比對研究..........................................................................................8
2.1.1 以字串演算法做為酬載比對...............................................................................8
2.1.2 以布隆過濾器做為酬載比對.............................................................................10
2.1.3 以布隆過濾器結合字串比對演算法做為酬載比對..........................................11
2.2 基於FPGA之入侵偵測系統研究.................................................................................12
2.3 相關研究比較................................................................................................................13
第三章系統架構與設計..................................................................................... 16
3.1 NetFPGA系統架構......................................................................................................16
3.1.1 NetFPGA管線化架構........................................................................................17
3.1.2 Generic Register模組.........................................................................................19
3.2 本研究系統架構............................................................................................................21
3.3 PAM模組設計..............................................................................................................22
3.3.1 Header Matching模組設計................................................................................24
3.3.2 Payload Matching模組設計...............................................................................25
3.3.2.1 BFU模組設計...................................................................................................27
3.3.2.2 Merged NFA 狀態機..........................................................................................30
3.3.3 Event Handler 模組...........................................................................................31
3.4 自動化電路產生工具....................................................................................................32
第四章實驗與討論............................................................................................. 34
4.1 實驗環境.......................................................................................................................34
4.2 實驗架構.......................................................................................................................35
4.3 實驗工具.......................................................................................................................39
4.4 實驗與討論...................................................................................................................41
4.1.1 實驗一提升封包比對效能...............................................................................42
4.1.2 實驗二改善布隆過濾器之誤報率 ...................................................................44
4.1.3 實驗三本研究之偵測率與誤報率 ...................................................................46
4.5 實驗小結.......................................................................................................................49
第五章結論及未來研究..................................................................................... 50
5.1 研究結論與貢獻............................................................................................................50
5.2 未來研究.......................................................................................................................51
參考文獻................................................................................................................ 52

參考文獻

[1] 魏雅笛，「利用決策樹改善以FPGA為基礎之入侵偵測系統資源利用」，國立中央大學資訊管理研究所碩士論文，2009。
[2] 蔡明利，「應用於入侵偵測的有效率字串比對架構」，國立成功大學資訊工程研究所碩士論文，2007。
[3] 李世弘，「使用FPGA 實現應用於網路安全之可延展的字樣比對架構」，國立交通大學電信工程研究所碩士論文，2007。
[4] 施映男，「超越10Gbps之超高速特徵比對電路設計及其在網路入侵偵測系統之應用」，國立台灣師範大學資訊工程研究所碩士論文，2007。
[5] 黃威智，「在可程式化系統晶片中實現網路入侵偵測系統之高效能封包分類與比對電路」，國立台灣師範大學資訊工程研究所碩士論文，2007。
[6] Aho, A. V. and Corasick, M. J., ‘‘Efficient string matching: an aid to bibliographic search,’’ Communications of the ACM 18, June. 1975 Page(s): 333-340.
[7] Bloom, B. H., “Space/time trade-offs in hash coding with allowable errors,” Communications of the ACM, Volume 13, Issue 7, Page(s):422-426, 1970.
[8] Boyer, R. S. and Moore, J. S., ‘‘A fast string searching algorithm,’’ Communications of the ACM , 20 Oct., Page(s):762-772, 1977.
[9] Covington, G. A., Gibb, G., Naous, J., Lookwood, J. W. and McKeown, N., “Encouraging Reusable Network Hardware Design,” http://netfpga.org/ , 2009.
[10] Clark, C. R. and Ulmer, C. D., “Network intrusion detection systems on FPGAS with ON-Chip Network Interface,” In Proceedings of International Workshop onApplied Reconfigurable Computing, Algrave, Portugal, Feb., 2005.
[11] Charras, C. and Lecrop, T., “Handbook of Exact String Matching Algorithms,” http://www-igm.univ-mlv.fr/~lecroq/string/, King's College Publications, 2004.
[12] Dharmapurikar, S. and Lockwood, J. W., “Fast and Scalable Pattern Matching for Network Intrusion Detection Systems,” Selected Areas in Communications, IEEE Journal on Volume 24, Issue 10, Oct., Page(s):1781-1792, 2006.
[13] Dharmapurikar, S. and Lockwood, J. W., “Fast and scalable pattern matching for content filtering,” Architecture for networking and communications systems, Symposium on 26-28 Oct, Page(s):183-192, 2005.
[14] Dharmapurikar, S., Krishnamurthy P., Sproull, T. S. and Lockwood, J. W., “Deep packet inspection using parallel bloom filters,” Micro, IEEE Volume 24, Issue 1, Jan.-Feb. Page(s):52-61,2004.
[15] Sourdis, I., Pnevmatikatos, D., and Vassiliadis, S., “An Evaluation of FPGA-based IDS Pattern Matching Techniques,” IEEE Transaction on information Forensics And Security, Vol.3, No. 1, March, 2008.
[16] Ho, J. T. L. and Lemieux, G. G. F., “PERG: A scalable FPGA-based pattern-matching engine with consolidated Bloomier filters,” Field-Programmable Technology International Conference on 8-10 Dec. Page(s):73-80,2008.
[17] Katashita, T., Yamaguchi Y., Madeda, A, and Toda, K., “Highly Efficient String Matching Circuit for IDS with FPGA,” Proceedings of the 14th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Page(s):285-286,2004.
[18] Katashita, T., Yamaguchi Y., Madeda, A, and Toda, K., “FPGA-Based Intrusion Detection System for 10 Gigabit Ethernet,” The Institute of Electronics, Information and Communication Engineers Vol. E90-D, No.12 , 2007.
[19] Knuth, D.E., Morris, J. H. Jr. and Pratt, V. R. , “Fast pattern matching in strings,” SIAM Journal on Computing, 6(2), Page(s):323-350,1977.
[20] Manber,U. and Sun,W., “GLIMPSE: A Tool to Search Through Entire File Systems,” Usenix Winter Technical Conference, Jan. , Page(s): 23-32,1944.
[21] Proudfoot, R., Kent, K., Aubanel, E., and Chen, N. ,“Flexible Software-Hardware Network Intrusion Detection System,” Rapid System Prototyping, The 19th IEEE/IFIP International Symposium on Jun. 2-5, Page(s):182-188,2008.
[22] Yusuf, S., Luk W., Szeto, M. K. N., and Osborne, W. “UNITE: Uniform hardware-based Network Intrusion deTection Engine,” Applied Reconfigurable Computing (ARC), March, 2006.
[23] TWNIC-台灣網路資訊中心網路使用調查, http://map.twnic.net.tw/,2010.
[24] SNORT, http://www.winsnort.com/.
[25] Symantec Global Internet Security Threat Report,
http://www.symantec.com/business/theme.jsp?themeid=threatreport/.
[26] NetFPGA, http://www.netfpga.org/.
[27] Xilinx, http://www.xilinx.com/company/gettingstarted/.
[28] Zeus Botnet, http://antivirus.about.com/od/virusdescriptions/p/zeusbotnet.htm.

指導教授

陳奕明(Yi-Ming Chen)

審核日期

2010-7-21

推文