具前置共用和字串共用PERL相容正規表示比對架構

Po-Chun Liao; 廖柏鈞

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40776

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	王勝德
dc.contributor.author	Po-Chun Liao	en
dc.contributor.author	廖柏鈞	zh_TW
dc.date.accessioned	2021-06-14T16:59:50Z	-
dc.date.available	2011-08-16
dc.date.copyright	2011-08-16
dc.date.issued	2011
dc.date.submitted	2011-08-12
dc.identifier.citation	[1] PCRE - Perl Compatible Regular Expressions. Available: http://www.pcre.org/ [2] Snort officail website. Available: http://www.snort.org/ [3] R. Sidhu and V. K. Prasanna, 'Fast Regular Expression Matching Using FPGAs,' in Field-Programmable Custom Computing Machines, 2001. FCCM '01. The 9th Annual IEEE Symposium on, 2001, pp. 227-238. [4] C. H. Lin, C. T. Huang, C. P. Jiang and S. C. Chang, 'Optimization of Pattern Matching Circuits for Regular Expression on FPGA,' in Very Large Scale Integration (VLSI) Systems. IEEE Transactions on, vol. 15, 2007, pp. 1303-1310. [5] C. H. Lin, C. T. Huang, C. P. Jiang and S. C. Chang, 'Optimization of Regular Expression Pattern Matching Circuits on FPGA,' in Design, Automation and Test in Europe, 2006. Data '06. Proceedings, 2006, pp. 1-6 [6] J. Bispo, I. Sourdis, J. M. P. Cardoso and S. Vassiliadis, 'Regular expression matching for reconfigurable packet inspection,' in Field Programmable Technology, 2006. IEEE International Conference on, 2006, pp. 119-126. [7] J. Bispo, I. Sourdis, J. M. P. Cardoso and S. Vassiliadis, 'Regular Expression Matching in Reconfigurable Hardware,' in Int. Journal of VLSI Signal Processing System [8] M. Faezipour and M. Nourani, 'Regular Expression Matching for Reconfigurable Constraint Repetition Inspection,' in Global Telecommunications Conference, 2008. IEEE Globecom 2008. IEEE, 2008, pp. 1-5. [9] B. L. Hutchings, R. Franklin and D. Carver, 'Assisting Network Intrusion Detection with Reconfigurable Hardware,' in Field-Programmable Custom Computing Machines, 2002. Proceeding. 10th Annual IEEE Symposium on, 2003. [10] C. R. Clark and D. E. Schimmel, 'Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns,' in Field-Programmable Logic and Applications (FPL), 2003. [11] Yen-Kai Wang, 'A Regular Expression Pattern Matching Architecture with Common String Sharing Scheme,' in Master, Department of Electrical Engineering, National Taiwan University, Taipei, 2009. [12] Ying-Hsien Li, 'A PCRE Pattern Matching Architecture with Counter Sharing,' in Master, Department of Electrical Engineering, National Taiwan University, Taipei, 2010. [13] Li Tian, SuYing Yao, 'Research and Improvement of Pre-decode Pattern Matching Circuit,' in Control, Automation, Robotics and Vision, 2008. ICARCV 2008. 10th International Conference on, 2008. [14] Getting Started Guide with the Xilinx Virtex-6 FPGA ML605 Evaluation Kit, Inc, 2010. [15] Embedded Development Kit 12.3, Xilinx, Inc, 2010. [16] LogiCORE IP FIFO Generator v7.2 User Guide, Xilinx, Inc, 2010. [17] PLBV46 Master Burst v1.01a, Xilinx, Inc, 2010.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40776	-
dc.description.abstract	資訊安全對於系統管理者與使用者而言相當重要。許多網路入侵偵測系統使用正規表示式或PERL相容正規表示式法來表示它們的樣式。為了跟上網路流量，學者提出建立於確定有限狀態自動機和非確定有限狀態自動機基礎上之硬體化PERL相容正規表示式樣式比對架構。由於比對樣式的增加，樣式比對架構的電路面積會變大，電路面積減少成為一個議題。在這篇論文，我們使用前置共用、字串共用、預先解碼和字符類塊的方式來減少非確定有限狀態自動機型態的硬體架構。我們設計一個極盡所能地擷取前置共用的演算法，並在不增加電路複雜度下，加上字串共用來更進一步減少電路面積。此外，我們在實驗中測試大量的SNORT比對條例，高達2281條。實驗結果顯示，我們的方法可以產生2281筆條例的比對引擎，在virtex-6的器材上減少約35%的邏輯單元。此方法有效於減少電路面積。	zh_TW
dc.description.abstract	Network security is important for both system managers and end users. Lots of network intrusion detection systems (NIDS) use regular expressions or PCREs as a description language to represent their signature patterns. To keep up the network flow rate, hardware PCRE pattern matching architectures based on NFA or DFA are proposed. Owing to the ever signature patterns, the circuit area required to implement the pattern matching architecture for regular expression is becoming large. Thus, the reduction of the area of the circuit becomes an important issue. In this thesis, we reduce the circuits required to realize an NFA-based hardware architecture with common prefix sharing, common string sharing, pre-decode and character-class blocks. We design an algorithm to fetch as more common prefix as possible. The common string sharing can further reduce the circuit area without increasing the complexity. In addition, we test as many as 2281 snort rules, quiet many rules, in the experiment. The experiment results show that our approach is able to generate a regular pattern engine to match 2281 rules and is able to reduce 35.5% logic cells on a virtex-6 device. It is effective to reduce the area of circuit.	en
dc.description.provenance	Made available in DSpace on 2021-06-14T16:59:50Z (GMT). No. of bitstreams: 1 ntu-100-R98921051-1.pdf: 2620269 bytes, checksum: a57bf6d212839b43a74ef7ba5a862d33 (MD5) Previous issue date: 2011	en
dc.description.tableofcontents	口試委員會審定書 ............................................................................................................ i 誌謝 .................................................................................................................................. ii 摘要 ................................................................................................................................. iii Abstract ............................................................................................................................. iv Chapter 1 Introduction ....................................................................................................... 1 1.1 Introduction ............................................................................................... 1 1.2 Contribution ............................................................................................... 5 1.3 Thesis Organization ................................................................................... 5 Chapter 2 Related Work ..................................................................................................... 6 Chapter 3 Common Prefix and Common String ............................................................. 11 3.1 Common Prefix Sharing Scheme ............................................................ 11 3.2 Common String Sharing .......................................................................... 15 Chapter 4 System Architecture ........................................................................................ 18 4.1 System Architecture ................................................................................. 18 4.2 Data Access Block ................................................................................... 19 4.2.1 Memory Fetcher ...................................................................................... 20 4.2.2 Memory Write Back ................................................................................ 22 4.2.3 FIFO Fetcher ........................................................................................... 23 4.3 PCRE Engine ................................................................................................. 24 4.4 HW/SW Co-Design Testing .......................................................................... 27 Chapter 5 Experimental Results ...................................................................................... 31 5.1 FPGA Development Board ...................................................................... 31 5.2 Integrated Development Environment..................................................... 32 5.3 The Interface of Test Application ............................................................ 32 5.4 Synthesis Result ....................................................................................... 32 Chapter 6 Conclusion and Future .................................................................................... 38 References ....................................................................................................................... 39
dc.language.iso	en
dc.subject	非確定有限狀態自動機	zh_TW
dc.subject	網路入侵偵測系統	zh_TW
dc.subject	樣式比對	zh_TW
dc.subject	正規表示法	zh_TW
dc.subject	PERL相容正規表示法	zh_TW
dc.subject	Pattern Matching	en
dc.subject	NFA	en
dc.subject	PCRE	en
dc.subject	NIDS	en
dc.subject	Regular Expression	en
dc.title	具前置共用和字串共用PERL相容正規表示比對架構	zh_TW
dc.title	A PCRE Pattern Matching Architecture with Common Prefix Sharing and Common String Sharing	en
dc.type	Thesis
dc.date.schoolyear	99-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	郭斯彥,雷欽隆
dc.subject.keyword	網路入侵偵測系統,樣式比對,正規表示法,PERL相容正規表示法,非確定有限狀態自動機,	zh_TW
dc.subject.keyword	NIDS,Pattern Matching,Regular Expression,PCRE,NFA,	en
dc.relation.page	40
dc.rights.note	有償授權
dc.date.accepted	2011-08-12
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	電機工程學研究所	zh_TW
顯示於系所單位：	電機工程學系

文件中的檔案：

檔案	大小	格式
ntu-100-1.pdf 未授權公開取用	2.56 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。