一個有效利用記憶體的樣式比對引擎與硬體加速封包處理平台

Tou Ieong; 楊滔

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/42199

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	王勝德(Sheng-De Wang)
dc.contributor.author	Tou Ieong	en
dc.contributor.author	楊滔	zh_TW
dc.date.accessioned	2021-06-15T00:52:20Z	-
dc.date.available	2011-08-14
dc.date.copyright	2008-08-14
dc.date.issued	2008
dc.date.submitted	2008-08-08
dc.identifier.citation	[1] PackEth - Ethernet packet generator. http://packeth.sourceforge.net/. [2] PCRE - Perl compatible regular expressions. http://www.pcre.org/. [3] A. V. Aho and M. J. Corasick, “Efficient string matching: an aid to bibliographic search,” Communications of the ACM, vol.18 no.6, pp.333-340, Jun. 1975. [4] B. H. Bloom, “Space/time trade-offs in hash coding with allowable errors,” Communications of the ACM, vol. 13, no.7, pp. 422-426, Jul. 1970. [5] B.L. Hutchings, R. Franklin and D. Carver, “Assisting Network Intrusion Detection with Reconfigurable Hardware,” in Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Sep. 2002, pp. 111. [6] S. Dharmapurikar, P. Krishnamurthy, T. S. Sproull and J. W. Lockwood, 'Deep Packet Inspection using Parallel Bloom Filters,' IEEE Micro, vol. 24, no. 1, pp. 52-61, Jan/Feb. 2004. [7] S. Kumar, B. Chandrasekaran, J. Turner and G. Varghese, “Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia,” In ANCS ’07: Proceedings of the 3rd ACM/IEEE Symposium on Architecture For Networking and Communications Systems, Dec. 2007, pp. 155-164. [8] S. Kumar, S. Dharmapurikar, F. Yu, P. Crowley, and J. Turner. “Algorithms to accelerate multiple regular expressions matching for deep packet inspection,” In SIGCOMM ’06: Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, Oct. 2006, pp. 339-350. [9] S. Kumar, J. Turner, and J. Williams. “Advanced algorithms for fast and scalable deep packet inspection,” In ANCS ’06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems, Dec. 2006, pp. 81-92. [10] C.-H. Lin, C.-T. Huang, C.-P. Jiang, and S.-C. Chang, “Optimization of regular expression pattern matching circuits on FPGA,” In DATE ’06: Proceedings of the conference on Design, automation and test in Europe. Mar. 2006, pp. 12–17. [11] J. Moscola, J. Lockwood, R. P. Loui, and M. Pachos. “Implementation of a content-scanning module for an internet firewall,” In FCCM ’03: Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Apr. 2003, pp. 31-38. [12] V. Paxson. “Bro: A system for detecting network intruders in real-time,” In Proceedings of the 7th conference on USENIX Security Symposium, Jan. 1998, pp. 3. [13] M. Roesch. “Snort - lightweight intrusion detection for networks,” In LISA ’99: Proceedings of the 13th USENIX conference on System administration, Nov. 1999, pp. 229-238. [14] R. Sidhu and V. K. Prasanna, “Fast regular expression matching using FPGAs,” In FCCM '01: Proceedings of the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Apr. 2001, pp. 227-238. [15] H. Song, T. Sproull, M. Attig and J. Lockwood, 'Snort offloader: a reconfigurable hardware NIDS filter,' International Conference on Field Programmable Logic and Applications, Aug. 2005, pp. 493-498. [16] L. Tan and T. Sherwood, 'A High Throughput String Matching Architecture for Intrusion Detection and Prevention,' In ISCA’05: the 32nd Annual International Symposium on Computer Architecture, Jun. 2005, pp. 112-122. [17] L. Tan and T. Sherwood, “Architectures for Bit-Split String Scanning in Intrusion Detection,” IEEE Micro, vol. 26, no. 1, pp. 110-117, Jan/Feb, 2006. [18] N. Tuck, T. Sherwood, B. Calder and G. Varghese. “Deterministic memory-efficient string matching algorithms for intrusion detection,” In INFOCOM 2004: Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies, Mar. 2004, vol. 4, pp. 2628–2639. [19] Xilinx Inc, “ML405 evaluation platform user guide,” UG210 (v1.5.1), May 2006. [20] Xilinx Inc, “XLS LL TEMAC,” (v1.00b), Oct. 2007. [21] Xilinx Inc, “Embedded Development Kit (EDK) 9.2,” Nov. 2007. [22] Xilinx Inc, “Processor Local Bus (PLB) v4.6,” (v1.00a), Aug. 2007. [23] E. Yeh, H. Chao, V. Mannem, J. Gervais and B. Booth, “Introduction to TCP/IP offload engine (TOE),” Apr. 2002.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/42199	-
dc.description.abstract	網路安全偵測系統（Network Intrusion detection system）收集已知的網路攻擊的特徵碼（signatures）針對封包內容和特徵碼做樣式比對（Pattern Matching），保護我們的網路環境。特徵碼通常以正規表達式（Regular Expressions）表示，在偵測系統中樣式比對功能佔用了大量的計算時間。為了保持網路的運作速度，硬體加速器被應用在網路安全偵測系統上。在本論文中，我們延伸 H-cFA成為Bitmap H-cFA，它利用位元對應的方式記錄走過的狀態，透過History buffer 記錄重覆次數，從而減少總狀態數。Bitmap H-cFA不管保持了H-cFA 的少記憶體特性，同時增加支援的正規表達式格式，建立一個更一般化的樣式比對引擎。我們同時提出一個硬體加速封包處理平台，它提供在FPGA上測試樣式比對智財 (IPs)。它包括封包擷取器和 TCP標頭分析器，它提供很容易的整合樣式比對引擎測試整個系統。我們在Xilinx ML405 FPGA 開發板上實作了封包處理平台和樣式比對引擎，最後得到231 Mbps 的處理流量。	zh_TW
dc.description.abstract	A Network Intrusion Detection System (NIDS) collects known signatures of network threats and carries out pattern matching between packet payload and signatures to protect our network. Signatures are often represented by regular expressions and pattern matching occupied most of computing time in an NIDS. To keep the network operating at full speed, hardware accelerators are used in pattern matching. In this thesis, we extended the History based Counting Finite Automaton (H-cFA) to Bitmap H-cFA, which used a bitmap data structure to store the 'walked' states and recorded the repeat count in a history buffer to reduce the total number of states in finite automata. Bitmap H-cFA not only kept the low memory characteristic but also provided more support in regular expression formats, making a more generalized pattern matching engine. We also presented a hardware accelerated packet processing platform, which allowed pattern matching intellectual properties (IPs) to be tested in FPGA. The proposed packet processing platform consisted of a packet payload extractor and a TCP packet header parser. It could easily be integrated with a pattern matching engine to test the system. We implemented the proposed packet processing platform and the pattern matching engine in a Xilinx ML405 FPGA development board and obtained a processing throughput of 231 Mbps.	en
dc.description.provenance	Made available in DSpace on 2021-06-15T00:52:20Z (GMT). No. of bitstreams: 1 ntu-97-R95921090-1.pdf: 1024449 bytes, checksum: 36fffe0d515248924374b34e74a481c0 (MD5) Previous issue date: 2008	en
dc.description.tableofcontents	誌謝 i 摘要 ii Abstract iii Contents iv Figures vi Tables vii Chapter 1 Introduction 1 1.1 Background 1 1.2 Contributions 3 1.3 Thesis Organization 3 Chapter 2 Related Work 5 2.1 String Matching Hardware Architectures 5 2.2 Implementation of Regular Expressions 6 2.3 Network Platform 7 Chapter 3 Bitmap H-cFA 8 3.1 Introduction of H-FA and H-cFA 8 3.2 Motivation 11 3.3 Examples of Bitmap H-cFA 12 3.4 Data structure of Bitmap H-cFA 15 3.5 Work Flow 16 3.6 Evaluation 20 Chapter 4 Network Offload Engine 21 4.1 Motivation 21 4.2 Design Considerations 22 4.3 Modules Description 24 4.3.1 Retriever Module 24 4.3.2 Header Parser Module 25 4.3.3 Pattern Matching Module 25 4.3.4 Central Controller Module 26 4.4 Buffers Description 27 4.5 Data Flow 28 4.6 Characteristics 29 Chapter 5 Implementation Results 32 5.1 FPGA Development Board 32 5.2 System Architecture 33 5.3 Implementation Details 34 5.4 Synthesis Result 35 5.5 Performance Estimation 38 5.6 System Performance 40 Chapter 6 Conclusions and Future Work 42 6.1 Conclusions 42 6.2 Future Work 43 References 44
dc.language.iso	en
dc.subject	封包處理平台	zh_TW
dc.subject	樣式比對	zh_TW
dc.subject	正規表示式	zh_TW
dc.subject	Pattern Matching	en
dc.subject	Regular Expressions	en
dc.subject	Packet Processing Platform	en
dc.title	一個有效利用記憶體的樣式比對引擎與硬體加速封包處理平台	zh_TW
dc.title	A Hardware Accelerated Packet Processing Platform with Memory-Efficient Pattern Matching Engines	en
dc.type	Thesis
dc.date.schoolyear	96-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	雷欽隆,楊柏因,洪士顥,鄭振牟
dc.subject.keyword	樣式比對,正規表示式,封包處理平台,	zh_TW
dc.subject.keyword	Pattern Matching,Regular Expressions,Packet Processing Platform,	en
dc.relation.page	46
dc.rights.note	有償授權
dc.date.accepted	2008-08-08
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	電機工程學研究所	zh_TW
顯示於系所單位：	電機工程學系

文件中的檔案：

檔案	大小	格式
ntu-97-1.pdf 未授權公開取用	1 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。