摘要
基于嵌入式平台的硬件字符串匹配机设计有3大挑战:处理速度、硬件资源消耗以及支持特征库的动态更新。根据ClamAV中94%的字符模式串中16bytes前缀互不相同的特征,提出一种基于定长前缀检测与不定长后缀验证相结合的匹配机。通过在Xilinx Virtex-6单一芯片上的实现得出该匹配机存储资源总消耗仅为0.84MB(0.84bits/char),系统时钟频率可达到230 MHz以上,匹配机完全基于存储器架构设计,可支持模式集的动态更新。
Speed,cost and flexibility to allow efficient dynamic updates are the three major challenges in the design of hardware string matching engine.After analyzing the properties of pattern sets in ClamAV database,more than 94% of patterns had distinct 16-byte prefix.A hardware string matching engine was presented based on the detection of fixed-length prefix and on-demand verification of variable-length suffix.After the implementation in one single device of Xilinx Virtex-6,the overall memory cost of the proposed design is only about 0.84 MB,i.e.0.84 bits per character of the ClamAV pattern set,and the system can process 1byte per cycle with clock rate 230 MHz.It allows efficient dynamic updates since it is designed under memory-based hardware architecture.
出处
《计算机工程与设计》
北大核心
2016年第9期2405-2410,共6页
Computer Engineering and Design
基金
香港研究资助局基金项目(CityU119809)
浙江省教育技术规划课题基金项目(JB125)
浙江省教育厅一般科研基金项目(Y201534483)
关键词
字符串匹配
深度包检测
模式匹配
入侵检测系统
硬件匹配机
string matching
deep packet inspection
pattern matching
intrusion detection system
hardware matching engine
