請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40776
完整後設資料紀錄
DC 欄位 | 值 | 語言 |
---|---|---|
dc.contributor.advisor | 王勝德 | |
dc.contributor.author | Po-Chun Liao | en |
dc.contributor.author | 廖柏鈞 | zh_TW |
dc.date.accessioned | 2021-06-14T16:59:50Z | - |
dc.date.available | 2011-08-16 | |
dc.date.copyright | 2011-08-16 | |
dc.date.issued | 2011 | |
dc.date.submitted | 2011-08-12 | |
dc.identifier.citation | [1] PCRE - Perl Compatible Regular Expressions. Available: http://www.pcre.org/
[2] Snort officail website. Available: http://www.snort.org/ [3] R. Sidhu and V. K. Prasanna, 'Fast Regular Expression Matching Using FPGAs,' in Field-Programmable Custom Computing Machines, 2001. FCCM '01. The 9th Annual IEEE Symposium on, 2001, pp. 227-238. [4] C. H. Lin, C. T. Huang, C. P. Jiang and S. C. Chang, 'Optimization of Pattern Matching Circuits for Regular Expression on FPGA,' in Very Large Scale Integration (VLSI) Systems. IEEE Transactions on, vol. 15, 2007, pp. 1303-1310. [5] C. H. Lin, C. T. Huang, C. P. Jiang and S. C. Chang, 'Optimization of Regular Expression Pattern Matching Circuits on FPGA,' in Design, Automation and Test in Europe, 2006. Data '06. Proceedings, 2006, pp. 1-6 [6] J. Bispo, I. Sourdis, J. M. P. Cardoso and S. Vassiliadis, 'Regular expression matching for reconfigurable packet inspection,' in Field Programmable Technology, 2006. IEEE International Conference on, 2006, pp. 119-126. [7] J. Bispo, I. Sourdis, J. M. P. Cardoso and S. Vassiliadis, 'Regular Expression Matching in Reconfigurable Hardware,' in Int. Journal of VLSI Signal Processing System [8] M. Faezipour and M. Nourani, 'Regular Expression Matching for Reconfigurable Constraint Repetition Inspection,' in Global Telecommunications Conference, 2008. IEEE Globecom 2008. IEEE, 2008, pp. 1-5. [9] B. L. Hutchings, R. Franklin and D. Carver, 'Assisting Network Intrusion Detection with Reconfigurable Hardware,' in Field-Programmable Custom Computing Machines, 2002. Proceeding. 10th Annual IEEE Symposium on, 2003. [10] C. R. Clark and D. E. Schimmel, 'Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns,' in Field-Programmable Logic and Applications (FPL), 2003. [11] Yen-Kai Wang, 'A Regular Expression Pattern Matching Architecture with Common String Sharing Scheme,' in Master, Department of Electrical Engineering, National Taiwan University, Taipei, 2009. [12] Ying-Hsien Li, 'A PCRE Pattern Matching Architecture with Counter Sharing,' in Master, Department of Electrical Engineering, National Taiwan University, Taipei, 2010. [13] Li Tian, SuYing Yao, 'Research and Improvement of Pre-decode Pattern Matching Circuit,' in Control, Automation, Robotics and Vision, 2008. ICARCV 2008. 10th International Conference on, 2008. [14] Getting Started Guide with the Xilinx Virtex-6 FPGA ML605 Evaluation Kit, Inc, 2010. [15] Embedded Development Kit 12.3, Xilinx, Inc, 2010. [16] LogiCORE IP FIFO Generator v7.2 User Guide, Xilinx, Inc, 2010. [17] PLBV46 Master Burst v1.01a, Xilinx, Inc, 2010. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40776 | - |
dc.description.abstract | 資訊安全對於系統管理者與使用者而言相當重要。許多網路入侵偵測系統使用正規表示式或PERL相容正規表示式法來表示它們的樣式。為了跟上網路流量,學者提出建立於確定有限狀態自動機和非確定有限狀態自動機基礎上之硬體化PERL相容正規表示式樣式比對架構。由於比對樣式的增加,樣式比對架構的電路面積會變大,電路面積減少成為一個議題。在這篇論文,我們使用前置共用、字串共用、預先解碼和字符類塊的方式來減少非確定有限狀態自動機型態的硬體架構。我們設計一個極盡所能地擷取前置共用的演算法,並在不增加電路複雜度下,加上字串共用來更進一步減少電路面積。此外,我們在實驗中測試大量的SNORT比對條例,高達2281條。實驗結果顯示,我們的方法可以產生2281筆條例的比對引擎,在virtex-6的器材上減少約35%的邏輯單元。此方法有效於減少電路面積。 | zh_TW |
dc.description.abstract | Network security is important for both system managers and end users. Lots of network intrusion detection systems (NIDS) use regular expressions or PCREs as a description language to represent their signature patterns. To keep up the network flow rate, hardware PCRE pattern matching architectures based on NFA or DFA are proposed. Owing to the ever signature patterns, the circuit area required to implement the pattern matching architecture for regular expression is becoming large. Thus, the reduction of the area of the circuit becomes an important issue. In this thesis, we reduce the circuits required to realize an NFA-based hardware architecture with common prefix sharing, common string sharing, pre-decode and character-class blocks. We design an algorithm to fetch as more common prefix as possible. The common string sharing can further reduce the circuit area without increasing the complexity. In addition, we test as many as 2281 snort rules, quiet many rules, in the experiment. The experiment results show that our approach is able to generate a regular pattern engine to match 2281 rules and is able to reduce 35.5% logic cells on a virtex-6 device. It is effective to reduce the area of circuit. | en |
dc.description.provenance | Made available in DSpace on 2021-06-14T16:59:50Z (GMT). No. of bitstreams: 1 ntu-100-R98921051-1.pdf: 2620269 bytes, checksum: a57bf6d212839b43a74ef7ba5a862d33 (MD5) Previous issue date: 2011 | en |
dc.description.tableofcontents | 口試委員會審定書 ............................................................................................................ i
誌謝 .................................................................................................................................. ii 摘要 ................................................................................................................................. iii Abstract ............................................................................................................................. iv Chapter 1 Introduction ....................................................................................................... 1 1.1 Introduction ............................................................................................... 1 1.2 Contribution ............................................................................................... 5 1.3 Thesis Organization ................................................................................... 5 Chapter 2 Related Work ..................................................................................................... 6 Chapter 3 Common Prefix and Common String ............................................................. 11 3.1 Common Prefix Sharing Scheme ............................................................ 11 3.2 Common String Sharing .......................................................................... 15 Chapter 4 System Architecture ........................................................................................ 18 4.1 System Architecture ................................................................................. 18 4.2 Data Access Block ................................................................................... 19 4.2.1 Memory Fetcher ...................................................................................... 20 4.2.2 Memory Write Back ................................................................................ 22 4.2.3 FIFO Fetcher ........................................................................................... 23 4.3 PCRE Engine ................................................................................................. 24 4.4 HW/SW Co-Design Testing .......................................................................... 27 Chapter 5 Experimental Results ...................................................................................... 31 5.1 FPGA Development Board ...................................................................... 31 5.2 Integrated Development Environment..................................................... 32 5.3 The Interface of Test Application ............................................................ 32 5.4 Synthesis Result ....................................................................................... 32 Chapter 6 Conclusion and Future .................................................................................... 38 References ....................................................................................................................... 39 | |
dc.language.iso | en | |
dc.title | 具前置共用和字串共用PERL相容正規表示比對架構 | zh_TW |
dc.title | A PCRE Pattern Matching Architecture with Common Prefix Sharing and Common String Sharing | en |
dc.type | Thesis | |
dc.date.schoolyear | 99-2 | |
dc.description.degree | 碩士 | |
dc.contributor.oralexamcommittee | 郭斯彥,雷欽隆 | |
dc.subject.keyword | 網路入侵偵測系統,樣式比對,正規表示法,PERL相容正規表示法,非確定有限狀態自動機, | zh_TW |
dc.subject.keyword | NIDS,Pattern Matching,Regular Expression,PCRE,NFA, | en |
dc.relation.page | 40 | |
dc.rights.note | 有償授權 | |
dc.date.accepted | 2011-08-12 | |
dc.contributor.author-college | 電機資訊學院 | zh_TW |
dc.contributor.author-dept | 電機工程學研究所 | zh_TW |
顯示於系所單位: | 電機工程學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-100-1.pdf 目前未授權公開取用 | 2.56 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。