應用於場效可程式邏輯陣列之高效能入侵偵測系統

Abstract

近幾年來，由於科技的進步，網路的傳輸速率也不斷地提升，大家都可以享受到網路的便利性。但是在此同時，網路的安全問題卻也逐漸浮上了檯面，越來越多的病毒、木馬程式等，讓人深怕下一個受害者就是自己，許多的網路安全軟體就因此產生了。但是網路的速度越來越快，單單只靠著軟體的防護，似乎已經不太足夠了。如果能讓軟體中工作量最大的部份－字串比對－由硬體來負責的話，相信一定能夠大幅地提升工作效率。 在許多的研究中[7, 8, 9, 11, 13, 14, 15]，都使用了硬體來加速字串比對的過程。不過他們幾乎都是將規則(rule)建立在硬體上，此舉雖然提昇速度，但是卻有著相當大的缺點，那就是無法建立太多的規則。原因在於硬體的邏輯閘數目是有限，而根據不同的軟體，規則的數目有幾百幾千，甚至有上萬條的規則。 因此本篇論文的目的，在於提出一種不同的硬體實現方式，不將規則存放在硬體，而是存放在記憶體中。這種方法能夠讓硬體處理更多的規則，同時又有著不錯的傳輸速率，以期能夠配合目前網路速度的需求。

Recent years, because of advancement of technology, network speed is increasing continuously. Everyone can enjoy the convenience of network. But in the same time, the security of network becomes a serious problem. More and more virus and Trojans make people dread that they are next victims. So, they begin to use some network security software. Nevertheless, under the increasing network speed, software may be not safe anymore. If we can let hardware do string matching that is heavy work in software, we believe that it must improve efficiency enormously. In some research [7, 8, 9, 11, 13, 14, 15], they almost build rules on the hardware to increase throughput. But there is a big problem in this way. There are not enough logic gates to build many rules. Especially, there are hundreds, thousands, even more than ten thousands of rules in software. Therefore, we propose a different hardware implement in this thesis. We do not build rule in hardware but store in memory. This approach not only processes more rules but also has good performance to match up the need of present network.