Research And Implementation Of High Speed Network Packet Protocol Analysis System

With increases in network bandwidth and process capability, viruses and malicious attacks spread faster, and bring greater threats. Specially aiming at layer-independent attacks, Deep Packet Inspection extends the intrusion detection targets from the Network layer and the Transport layer to the Application layer. It scans not only the header also the payload of the packets. Protocol analyzing makes a smart expansion of pattern matching. Protocol analyzing scans packets according to the network protocols, in order to identify the type of the protocols and detect the signatures of attacks. Protocol analysis takes effectively use of the layer-protocol system, to determine the signature quickly and accurately. With the network throughput rise rapidly, the process speed of string pattern matching becomes a bottleneck of the traditional software systems. At the same time, the development of hardware technology makes it possible to achieve the protocol analysis system based on deep packet inspection with hardware.In this thesis, we investigated the characteristics of the high speed core network with 10Gbps speed and the typical network protocol. Then we explored a hardware candidate to deep packet inspection. Given the high level of parallelism and the powerful processing capability, we discussed the architecture of dual TCAM search engine, deep packet inspection with pipeline strategy, and the protocol analysis technology based on session indentifing. Further we presented a design of protocol analysis system, which adopt deep packet inspection on dual TCAM search engine. The system expanded the width of searching to increase the throughput of the search engine, so that the performance of the system could adapt the line speed of the typical core network. In addition, the search engine matched the patterns which could present a session according to the protocol, and the syetem indentified the relationship between the patterns in order to determine a session, further achieve protocol analysis on the application protocol.This thesis presents a hardware implement of protocol analysis system. It is achieved and verified on the hardware platform. The simulating results show that the design could meet the requirements of the high speed network well, and achieve the protocol analysis on the Network layer, Transport layer and Application layer.