Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/43188
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 王勝德 | |
dc.contributor.author | Po-Han Huang | en |
dc.contributor.author | 黃柏涵 | zh_TW |
dc.date.accessioned | 2021-06-15T01:41:35Z | - |
dc.date.available | 2011-07-16 | |
dc.date.copyright | 2009-07-16 | |
dc.date.issued | 2009 | |
dc.date.submitted | 2009-07-14 | |
dc.identifier.citation | [1] Transmission Control Protocol wiki, http://en.wikipedia.org/wiki/Transmission_Control_Protocol
[2] Perl Compatible Regular Expressions wiki, http://en.wikipedia.org/wiki/PCRE
[3] Snort Configuration Directives, http://www.snort.org/
[4] Jhu-Jin Yang, “High-Speed Stateful Packet Inspection Architecture for Network Intrusion Detection Systems,” National Taiwan University master thesis.
[5] Al Basseri, “Different TOEs for different folks,” reprinted from Compact PI systems, December 2003.
[6] M. Necker, D. Contis, and D. Schimmel, “TCP-Stream reassembly and state tracking in hardware,” in Field-Programmable Custom Computing Machines, 2002. Proceedings. 10th Annual IEEE Symposium on, 2002, 286-287.
[7] Sarang Dharmapurikar and Vern Paxson, “Robust TCP stream reassembly in the presence of adversaries,” in Proceedings of the 14th conference on USENIX Security Symposium - Volume 14 (Baltimore, MD: USENIX Association, 2005), 5-5, http://portal.acm.org/citation.cfm?id=1251403
[8] Aleksandr Dubrovsky, Roman Yanovsky, Scott Aaron More, Boris Yanovsky, “Method and an apparatus to perform multiple packet payloads analysis,” USPTO Application #: 20060077979.
[9] Yasuhiro Yamasaki, Hideyuki Shimonishi, and Tutomu Murase, “Statistical Estimation of TCP Packet Loss Rate from Sampled ACK Packets,” IEEE Globecom 2005. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/43188 | - |
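dc.description.abstract | As network traffic keeps increasing, software-based network intrusion detection systems are less and less able to keep up with such network environments. Most system developers therefore try to design hardware circuits dedicated to network applications to replace software systems that no longer meet requirements; this concept is usually called a TCP offload engine (TOE). TCP reassembly is normally performed by the operating system, and when designing the hardware architecture of a TOE, TCP reassembly plays a role that can affect overall system performance.
This thesis proposes an implementation of a hardware architecture for TCP reassembly that tries to make the most of limited memory resources. Besides handling ordinary reassembly work, the architecture also includes a carefully planned scheduling system. This scheduling system communicates directly with the pattern matching hardware, notifying it to read packet contents out of memory in the correct order for pattern matching. The proposed architecture achieves a processing capability of more than 5 Gbps. The thesis also proposes a novel method named early inspection, which tries to release memory space as early as possible without compromising security. It also discusses the effect of packet loss on system memory, so that memory is not filled up by large amounts of buffered packet data because of packet loss and left unable to process newly arriving packets. | zh_TW |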
dc.description.abstract | Network intrusion detection software is becoming insufficient as traffic on the Internet increases. As a result, developers seek to design Internet-specific intellectual circuits, often known as TCP offload engines (TOEs), to substitute for software solutions. TCP reassembly, which is traditionally managed by the operating system, plays an important role in the design of TOEs. This thesis presents a hardware implementation of a TCP reassembly system dedicated to pattern matching that utilizes limited memory resources and a carefully designed scheduling mechanism that informs the pattern matching unit to inspect the packet payloads in the correct order. The proposed architecture achieves more than 5 Gbit/s throughput. It also presents a novel mechanism called early inspection to keep the receive buffer from being overwhelmed, as packet loss might cause in common TCP reassembly units. | en |
dc.description.provenance | Made available in DSpace on 2021-06-15T01:41:35Z (GMT). No. of bitstreams: 1 ntu-98-J96921019-1.pdf: 2202144 bytes, checksum: c0c8f4e51d39091ca239089664b12071 (MD5) Previous issue date: 2009 | en |
dc.description.tableofcontents | 1 Introduction and Background
1.1 TCP Reassembly
1.1.1 Sequence Number
1.1.2 TCP Sliding Window Protocol and Receive Buffer
1.2 Pattern Matching and Maximum Length of Snort PCRE Rules
1.2.1 Pattern Matching Unit and Input Patterns
1.2.2 Maximum Length of Snort PCRE Rules
1.3 SPI System
1.4 Retransmission Time Interval
1.5 Problem Statement
1.5.1 Common TCP Reassembly Concerns
1.5.2 Dedicating to Pattern Matching Concerns
1.6 Thesis Organisation
2 Related Works
2.1 Researches on General TCP Reassembly
2.2 Researches on The Interface Between TCP Reassembly and Pattern Matching
2.3 Discussions
3 TCP Reassembly Architecture
3.1 Preliminary
3.1.1 Early Inspection
3.1.2 IP-Layer Reassembly Unit
3.1.3 Simplified Serial Number
3.2 A Simple TCP Reassembly Architecture
3.3 Proposed TCP Reassembly Architecture
3.3.1 System Overview and Packet Processing Flow
3.3.2 TCP Header Parsing
3.3.3 Memory Management
3.3.3.1 Memory Management Unit
3.3.3.2 Data Structure
3.3.3.3 Linked Pages
3.3.3.4 The Policy of Releasing the Pages
3.3.4 Scheduling
3.3.4.1 The Approaches Dealing with Arriving Segments
3.3.4.2 Scheduling
3.3.5 Interface Providing to Pattern Matching Unit
4 Implementation
4.1 State Machine
4.2 FPGA Verification, Performance and Resources Used
5 Experiments on TCP Reassembly Mechanisms
5.1 Experiment Setup
5.1.1 Attributes and Software Simulation Setup
5.1.2 Algorithms of the Three Mechanisms
5.1.2.1 The Simple TCP Reassembly Unit
5.1.2.2 TCP Reassembly Unit Using Paging
5.1.2.3 TCP Reassembly Unit Using Paging and Early Inspection
5.2 Experiment Results
5.2.1 Configuration of the Amount of Total Packets Sent
5.2.2 Configuration of Retransmission Time Interval
5.3 Configuration of Packet-Loss Rate
5.4 Conclusion
6 Conclusion and Future Work
Bibliography | |
dc.language.iso | en | |
dc.title | 支援早期封包檢測及樣式比對之快速傳輸層封包重組架構 | zh_TW |
dc.title | A High-Speed TCP Reassembly Architecture with Early Inspection Mechanism for Pattern Matching | en |
dc.type | Thesis | |
dc.date.schoolyear | 97-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 羅佳田,熊博安,鄭振牟,雷欽隆 | |
dc.subject.keyword | Network security, TCP reassembly, pattern matching, TCP offload engine | zh_TW |
dc.subject.keyword | Internet security,TCP reassembly,Pattern matching,TCP offload engine, | en |
dc.relation.page | 81 | |
dc.rights.note | Paid license | |
dc.date.accepted | 2009-07-14 | |
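dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
Appears in collections: | Department of Electrical Engineering |
Files in this item:
File | Size | Format | |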
---|---|---|---|
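ntu-98-1.pdf (currently not authorized for public access) | 2.15 MB | Adobe PDF |
Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.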