Title page for 984203012



Student Number 984203012
Author Jing-han Shiu(許景涵)
Author's Email Address 984203012@cc.ncu.edu.tw
Statistics This thesis had been viewed 636 times. Download 503 times.
Department Information Management
Year 2010
Semester 2
Degree Master
Type of Document Master's Thesis
Language zh-TW.Big5 Chinese
Title Using NetFPGA to Implement Integrated NFA and AC Algorithms for Network Based Intrusion Detection Systems
Date of Defense 2011-07-19
Page Count 79
Keyword
  • AC
  • Bloom filter
  • NetFPGA
  • NFA
  • NIDS
  • Snort
Abstract In modern society, all walks of life rely on computers and networks, so computer and network security is becoming more and more important. To avoid property damage, Network Intrusion Detection Systems (NIDS) are regarded as an indispensable device for network security. However, a software-based NIDS such as Snort cannot sustain adequate protection when it faces high traffic volumes on Gbps networks. For this reason, this research focuses on the design of a high-performance intrusion detector and implements the functions of an NIDS on NetFPGA.
    However, as the number of signatures grows, it is getting more difficult to store all the necessary signatures in the on-chip resources of a single FPGA. This research therefore proposes a system architecture that combines an FPGA with a software-based NIDS to offer a complete signature set. When the signatures cannot all be stored in a single FPGA, some signatures can be distributed to the software-based NIDS and matched there later. This is a new system architecture that has not been tried before. Because of performance concerns, this research developed a Normal Traffic Filter (NTF) that uses Bloom filters to offload the software-based NIDS.
    In addition, this research proposes a brand-new design concept that combines the NFA and AC algorithms to store the signatures in two different on-chip resources (CLBs and BRAMs); this method can store more signatures by distributing them across CLBs and BRAMs. Experiments showed that this novel algorithm can store 2451 Snort rules (57630 bytes in total) without exhausting the on-chip resources of the NetFPGA.
    Table of Content
    1. Introduction
    1-1 Research Background
    1-2 Motivation and Objectives
    1-3 Research Contributions
    1-4 Thesis Organization
    2. Related Work
    2-1 FPGA-Based String Matching Research
    2-1-1 Software String Matching Algorithms
    2-1-2 Nondeterministic Finite Automata
    2-1-3 Applications of Bloom Filters
    2-2 Comparison of Related Work
    2-3 Related Research on Traffic Filters
    3. System Architecture and Design
    3-1 System Architecture
    3-2 Introduction to Snort Rules
    3-3 PNSA Algorithm
    3-3-1 Preprocessing
    3-3-2 Matching Process
    3-3-3 Implementing the Algorithm on NetFPGA
    3-4 Normal Traffic Filter
    4. Experiments and Discussion
    4-1 Experimental Environment
    4-2 Prefix Length Analysis
    4-3 Resource Utilization
    4-4 Throughput Test Experiments
    4-5 Stress Test
    4-6 False Positive Rate Experiments for the Normal Traffic Filter
    5. Conclusions and Future Work
    5-1 Research Conclusions and Contributions
    5-2 Future Work
    References
    Advisor
  • Yi-Ming Chen(陳奕明)
    Files
  • 984203012.pdf
  • approve in 1 year
    Date of Submission 2011-08-11
