Research And Realization Of High Speed Protocol Identification Based On Regular Expression

Application-Layer Protocol Identification is the basis of Differentiate Service, QoS, Intrusion Detection System, Traffic Analysis and Control, Charge Management and Behavior Analysis of Users. Because new protocols appear ceaselessly and bandwidth of network develops fast, the traditional methods of protocol identification fall short of application yet. So, this thesis focuses on the protocol identification of the ISP Backbone with high speed traffic, Based on the research of many Protocol Identification methods, this thesis studies on the method of high speed protocol identification based on regular expression, and a new method based on hardware has been proposed. The main contributions of the thesis are as follows.1. Based on Thompson algorithm and some improved algorithm, a new method which can realize the mapping from regular expression to NFA has been proposed, the NFA built by this method without epsilon transfer and very close to DFA.2. A method of beforehand manage character based on decode table has been proposed. This method builds decode table with memory block that inside of FPGA, to beforehand manage the payloads that input the matching engine, from which to reduce hardware resource markedly. Compared to the traditional character encoder, this method can decode character neatly, and can distribute hardware resource of FPGA in reason.3. According to the characteristic of protocols'pattern, a method of build matching engine which combine to the pre-decode technology has been proposed. Then a side-by-side matching engine is been researched, which can manage multi-character in one clock, thereby can improve the speed of match multiple.4. According to the protocol pattern of L7-filter, build signal matching engine for all protocols, and side-by-side matching engine for some typical protocols, to meet the requirement of the ISP Backbone with high speed traffic.5. A High Speed Network Protocol Identification Framework based on regular expression has been proposed. And consider combining it into network safety, apply in next general network security system.