| 基于FPGA的高速网络入侵检测系统 |
| |
| 引用本文: | 刘航,戴冠中,李晖晖,慕德俊.基于FPGA的高速网络入侵检测系统[J].计算机应用,2004,24(5):33-35. |
| |
| 作者姓名: | 刘航 戴冠中 李晖晖 慕德俊 |
| |
| 作者单位: | 西北工业大学,自动控制系,陕西,西安,710072 |
| |
| 基金项目: | 航空科学基金 (0 1F53 0 3 1 ),教育部博士点基金 (2 0 0 2 0 6 990 2 6 ) |
| |
| 摘 要: | 处理速度成为制约基于软件的网络入侵检测系统性能的瓶颈。文中提出了用可重配置硬件(FPGA)和商用千兆以太网MAC实现的网络入侵检测系统体系结构。在该体系结构中,网络数据包的特征匹配以及复杂协议分析等高强度的计算均由可重配置硬件电路完成,而使主机CPU更专注于对复杂入侵方式的检测和对入侵行为的实时响应。分析表明,该体系结构能够快速适应入侵特征变化对硬件电路的重配置需求,使网络入侵检测系统可以以线速处理网络数据包。
|
| 关 键 词: | 入侵检测系统 可重配置硬件结构 现场可编程门阵列 内容可寻址存储器 |
| 文章编号: | 1001-9081(2004)05-0033-03 |
High Speed Network Intrusion Detection Based on FPGA |
| |
| LIU Hang,DAI Guan-zhong,LI Hui-hui,MU De-jun.High Speed Network Intrusion Detection Based on FPGA[J].journal of Computer Applications,2004,24(5):33-35. |
| |
| Authors: | LIU Hang DAI Guan-zhong LI Hui-hui MU De-jun |
| |
| Abstract: | With the increase of network bandwidth,the processing speed becomes the bottleneck for the software-based Intrusion Detection Systems (IDS). In this Paper,a novel architecture for IDS based on a reconfigurable hardware,a FPGA,coupled with a commodity Gigabit Ethernet MAC is proposed. In this architecture,the significant and computing-intensive portion of the network processing,such as signature matching and complex protocol analysis,are implemented by the reconfigurable hardware. The host CPU is dedicated to detecting and responding the complex intrusions in real time. Analysis shows that the reconfigurable feature of this architecture can accommodate the changing of the intrusion modes and process the network packet at line rate. |
| |
| Keywords: | intrusion detection system reconfigurable hardware architecture field programmable gate array content addressable memory |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
