字串比對在入侵偵測/防護系統上的應用與實現

Abstract

隨著網路流量的提昇，網路安全工具的工作量必須提昇。入侵偵測/防護系統所採用的方式大致可以區分為異常行為偵測（abnormal-behavior detection）與字串比對（signature matching）。純粹採用軟體的方式來進行字串比對已經因為跟不上網路頻寬的成長而遇到了瓶頸；為了追求比對速度的突破，現在的研究傾向於將需要龐大計算量的部份交由硬體來完成。於是我們需要針對字串比對作硬體設計。 這篇論文將實現NTL實驗室所提出的一個字串比對系統架構，將其中一部分------驗證模組以FPGA實現。並且以Banded-Row format為基礎設計了一個新的資料儲存結構。

Network security system has to promote processing power because of the increasing network traffic. Usually, the intrusion detection system can be classified into two major types: abnormal-behavior detection and signature matching. There is a bottleneck since implementation of string matching using only software may not keep up with the growth of bandwidth. Recent researches prefers to hand over the string match process to hardware solution to get speed breakthrough. Thus we need to design a string match hardware system. This paper will implement a string match system researched by NCTU NTL Laboratory, and implement the verification module on FPGA. Finally I propose a new data storage format based on Banded-Row format.