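Abstract
Processing speed has become the bottleneck limiting the performance of software-based network intrusion detection systems. This paper proposes a network intrusion detection system architecture implemented with reconfigurable hardware (FPGA) and a commodity Gigabit Ethernet MAC. In this architecture, computation-intensive tasks such as signature matching on network packets and complex protocol analysis are performed by reconfigurable hardware circuits, leaving the host CPU to concentrate on detecting complex intrusion methods and responding to intrusions in real time. Analysis shows that the architecture can quickly accommodate the hardware reconfiguration required when intrusion signatures change, allowing the network intrusion detection system to process network packets at line rate.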
With the increase of network bandwidth, the processing speed becomes the bottleneck for software-based Intrusion Detection Systems (IDS). In this paper, a novel architecture for IDS based on reconfigurable hardware, an FPGA, coupled with a commodity Gigabit Ethernet MAC is proposed. In this architecture, the significant and computing-intensive portion of the network processing, such as signature matching and complex protocol analysis, is implemented by the reconfigurable hardware. The host CPU is dedicated to detecting and responding to complex intrusions in real time. Analysis shows that the reconfigurable feature of this architecture can accommodate changes in the intrusion modes and process network packets at line rate.
Source
《计算机应用》
CSCD
PKU Core Journal
2004, Issue 5, pp. 33-35 (3 pages)
Journal of Computer Applications
Funding
Aeronautical Science Foundation (01F53031)
Ministry of Education Doctoral Program Foundation (20020699026)
Keywords
intrusion detection system
reconfigurable hardware architecture
field programmable gate array
content addressable memory