| The purpose of designing network processor prototype is to probe into the technology of developing and manufacturing network processors in our own country, in order to narrow the technological disparity of network equipments between our country and the overseas. Based on SOPC (System On Programmable Chip) technology, the design of network processor prototype in this paper utilizes multi-processing units in parallel architecture, scalable instruction set and a co-processor which is widely used to accelerate many different algorithms and often achieves better performance of several orders-of-magnitude than software implementations.After analyzing the causes of the speed bottleneck in the detecting stage of an intrudion detection system and the pattern matching algorithm, we propose a solution to implement an intrusion detection system based on network processor. Our system uses hardware implementations to take place of software implementations to realize the main function modules such as data-collecting and filtering, packet dispatching, multi-pattern matching in an IDS and etc., as a result the speed of packets checking in our system has been improved by several orders-of-magnitude.Network processing technology is a newly developed technology focusing on processing data on the network. It employs multi-grades parallel and special function units to accelerate the speed of complex and time-consuming algorithms, so that the best processing performance can be reached. The scheduling policy of network-processor is very important for entirely utilizing the PEs(Processing Element), CoPs(Coprocessor), Memories and bandwidth. By constructing and analyzing the network-processor model we get such conclusion as the key performance factor is the number of PE, which is mostly decided by the different degree between coprocessor's performance and PE's performance, and generally the number of hardware threads in a PE is 2.Based on network processor, the paper finishes the implementation of an Intrusion Detection System prototype which uses hardware implementations based on network processor to take place of the traditional software implementations to solve the problem of intrusion detection speed and uses hardware to realize the main labor functions such as data-collecting and filtering, dispatching data-packets among multi-processing units, multi-patterns matching. The intrusion-detection of data packets is also parallel processed in the multi-processing units. We have designed a controlling module, a data-collecting module, 4 soft core Nios II processor elements, a multi-pattern matching co-processor and a responsing module. They are completed with FPGAs in the Quartus... |
PDF Full Text Request