| 基于FPGA的Gigabit入侵检测系统设计与实现 |
| |
| 引用本文: | 李志祥,林克成,王寅龙,王希武,李前进.基于FPGA的Gigabit入侵检测系统设计与实现[J].计算机与现代化,2012(1):170-172. |
| |
| 作者姓名: | 李志祥 林克成 王寅龙 王希武 李前进 |
| |
| 作者单位: | 军械工程学院计算机工程系,河北石家庄050003 |
| |
| 摘 要: | 随着网络带宽的增长,基于软件的入侵检测系统已不能适应千兆网络安全的需求。本文基于FPGA实现了千兆网入侵检测系统,其中的流量捕获、数据包解析、规则集模式匹配等计算密集的任务模块由FPGA中的高速运算逻辑实现,而人机交互部分由嵌入式系统实现。测试结果显示,系统在1Gbps最小包压力流量下进行数据包分析与检测时,可以达到0丢包率。
|
| 关 键 词: | 入侵检测系统 千兆网络 FPGA |
Design and Implementation of Gigabit NIDS Based on FPGA |
| |
| LI Zhi-xiang,LIN Ke-cheng,WANG Yin-long,WANG Xi-wu,LI Qian-jin.Design and Implementation of Gigabit NIDS Based on FPGA[J].Computer and Modernization,2012(1):170-172. |
| |
| Authors: | LI Zhi-xiang LIN Ke-cheng WANG Yin-long WANG Xi-wu LI Qian-jin |
| |
| Affiliation: | (Department of Computer Engineering, Ordnance Engineering College, Shijiazhuang 050003, China) |
| |
| Abstract: | Traditional software-based network intrusion detection systems (NIDS) are becoming strained as network data-rate increases. A gigabit NIDS is implemented based on FPGA. The computationally intensive components of a NIDS such as stream capturing, packet resolving and pattern matching of rule set are implemented based on high-speed logic cells of FPGA. While human-machine interfacing module is implemented based on embedded system. Test shows that when working in pressing gigabit network, the system can achieve zero-loss rate. |
| |
| Keywords: | NIDS gigabit network FPGA |
| 本文献已被 CNKI 维普 等数据库收录! |
|
