With the rapid growth of the Internet, network security is receiving increasing attention. A network intrusion detection system (NIDS) provides important protection by matching packets on the network against signatures of malicious traffic. However, most current NIDS applications are implemented in software, and as network speeds have risen quickly they have become the bottleneck for detection on the network backbone. Many hardware implementations have therefore been proposed.

This study designs a malicious-packet detection system on the NetFPGA platform, developed jointly by Stanford University and Xilinx, to achieve fast matching. Although an IC designed on an FPGA offers fast, parallel matching, the resources available on the platform are limited, which limits the size of the signature database. Current hardware implementations of NIDS not only consume a large amount of circuit cost but also reduce network throughput because they perform exact matching on strings. This study therefore proposes an improved Bloom filter that builds groups of different signature string lengths for fast matching of packet payloads. Because matching with a Bloom filter introduces false positives, this study also analyzes the false positive rate of the general Bloom filter and of the improved Bloom filter in order to minimize the false positive rate.
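The following is an added software sketch of length-grouped Bloom filter matching over a packet payload. It is not the thesis's hardware design or its improved filter. The class names, filter parameters, signatures and payload are all constructed assumptions, and the false positive estimate is the standard Bloom filter approximation.

```python
import hashlib
import math

class BloomFilter:
    def __init__(self, m_bits, k_hashes):
        self.m, self.k, self.n = m_bits, k_hashes, 0
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)
        self.n += 1

    def __contains__(self, item):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))

    def expected_fpr(self):
        # Standard approximation for n items, m bits, k hashes: (1 - e^(-kn/m))^k
        return (1 - math.exp(-self.k * self.n / self.m)) ** self.k

class LengthGroupedMatcher:
    def __init__(self, signatures, m_bits=1024, k_hashes=4):
        self.exact = set(signatures)   # used only to confirm filter hits
        self.groups = {}               # signature length -> BloomFilter
        for sig in signatures:
            bf = self.groups.setdefault(len(sig), BloomFilter(m_bits, k_hashes))
            bf.add(sig)

    def scan(self, payload):
        candidates, confirmed = [], []
        for length, bf in sorted(self.groups.items()):
            for off in range(len(payload) - length + 1):
                window = payload[off:off + length]
                if window in bf:                  # possible match (may be a false positive)
                    candidates.append((off, length))
                    if window in self.exact:      # exact check removes false positives
                        confirmed.append((off, window))
        return candidates, confirmed

# Constructed sample data, not real IDS signatures or captured traffic.
SIGNATURES = [b"BADSIG", b"EVILSTR1", b"MALWARE!", b"X-TEST-MARK"]
PAYLOAD = b"GET /index.html?q=EVILSTR1 HTTP/1.1\r\nX-Hdr: X-TEST-MARK\r\n\r\n"
```

Each length group queries only windows of its own length, so in hardware the groups can run as parallel filters; the exact-match confirmation is needed only for the windows a filter reports.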