| With the increasing of internet bandwidth people need Intrusion Detection System (IDS) to be more efficient. Because software IDS works in a serial way it fails to meet the need of network security in the high traffic network conditions. The limit of throughput of the pattern matching engine is the bottleneck of IDS. Moreover, because over 90 percent of the CPU time is spent in regular expression matching in these pattern matching engines, increasing the throughput of regular expression matching is significant to the intrusion detection system.By studying the software regular expression matching engine, this thesis provides an FPGA based engine which takes the advantages of the hardware in parallel processing. By increasing the throughput of regular expression matching the hardware engine promote the efficiency of the IDS and subsequently satisfy the requirement of network security. The thesis took the advantages of the NFA regular expression engine in designing, and furthermore, by parallel processing multi-regular expression and eliminating the backtracking the hardware engine eventually improved the throughput of the pattern matching. Because it works in a dataflow-driven style the control unit is removed from the designing and this will weaken the complexity of the software compiler in generating the hardware engine. The engine is constructed by general modules, and by these general modules combining all kinds of regular expression can be matched, and then the engine can meet the circumstance that the intrusion pattern is dynamic updating. The data of the experiment demonstrates that the hardware regular expression matching engine of this thesis has increased the throughput in pattern matching and it fits the high traffic network conditions. |
PDF Full Text Request