摘要
基于软件实现的入侵检测技术在高速网应用中容易引起瓶颈,根据入侵检测的应用特点,提出了一种关键字长度可变、内容可重置的并行模式匹配硬件实现方法,详细论述了用FPGA设计实现了这种方法的技术途径,通过一个设计实例仿真分析表明,这种硬件模式匹配技术设计灵活方便,匹配速度快,资源利用率较高,在高速网络应用领域具有较高的实用价值。
Intrusion detection systems (IDS) are crucial in network security today. Software-based IDS could not meet the bandwidth requirements of modern high speed Network because the pattern matching program is prone to cause bottleneck in the case of large database, Hardware techniques are desired to be a good way to solve this problem. According to the characteristics of IDS, a parellel matching architecture was proposed, which was suitable for variable-length keywords matching and keywords reconfiguration. The techniques to realized it with FPGA was discussed. An example was developed by this method and the simulation results indicate that the matching speed is very high and the FPGA resource usage is effective. Therefore the techniques are valuable and helpful for many applications in the fields of high speed network
出处
《系统仿真学报》
EI
CAS
CSCD
北大核心
2007年第14期3215-3217,3229,共4页
Journal of System Simulation
基金
陕西省教育厅自然科学专项基金(05JK293)
国家自然科学基金重点项目(60433010)
关键词
入侵检测
模式匹配
并行算法
硬件技术
FPGA
Intrusion Detection System
pattern matching
parellel algorithm
hardware techniques
FPGA (Field Programmable Gate Array)
