
Improving Performance Of Deep Packet Inspection Based On Pattern Matching

Posted on: 2011-09-18
Degree: Master
Type: Thesis
Country: China
Candidate: H Wan
GTID: 2178330338989892
Subject: Computer Science and Technology

Abstract/Summary:
As the key to network intrusion detection and application-layer protocol identification, Deep Packet Inspection (DPI) is becoming more and more important to network and information security. To improve the performance of DPI based on pattern matching, this thesis presents several new methods. The main work and contributions of the thesis are as follows.

1. We compare DPI techniques based on pattern matching and study the design and implementation of Snort's DPI engine, in order to show the performance bottleneck of DPI implemented in software.
2. Based on a study of regular expression matching algorithms, we describe their shortcomings and give a DPI method that accelerates regular expression matching in hardware. We design a new pipelined architecture and propose algorithms for queue management and rule transformation.
3. We identify a hidden problem in the pre-filter: when many rules with similar patterns are in the same set, the pre-filter gives poor results. We introduce a Multi-AC algorithm to filter large rule sets and obtain an improvement.
4. Finally, we implement the two performance improvements proposed above. With hardware acceleration of regular expression matching, the throughput of Snort improves by a factor of 2.5 over the original system. Compared with the AC pre-filter algorithm, our Multi-AC algorithm yields smaller rule sets: the size of the rule set is reduced to 11%~14% of the original.

The experimental results show that both approaches improve DPI performance effectively. Both approaches were carried out in a device, which validates their feasibility and validity; they are very useful in network projects.
Keywords/Search Tags:Deep Packet Inspection, Intrusion Detection, Regular Expression, Multi-Pattern Matching, pre-filter