
Research On NetFPGA-Based Embedded Network Security Prevention System

Posted on: 2011-08-11
Degree: Master
Type: Thesis
Country: China
Candidate: L Lv
GTID: 2178360308457336
Subject: Computer system architecture
Abstract/Summary:
The development of networks makes people's lives more and more convenient, but it also brings a series of new problems. A large number of attacks on network service providers have occurred over the network, resulting in network congestion and loss of service capability. Network security technologies are attracting more attention. As intrusion methods grow more complex, a single method such as a firewall or an intrusion detection system can no longer satisfy people's demands. A new direction of development is to integrate various protective means to improve system security.

First, this paper proposes a design for a NetFPGA-based embedded network security prevention system that integrates a firewall and an intrusion detection system. Communication between the firewall and the intrusion detection system is implemented by rules: once the intrusion detection system detects intrusion behavior, it promptly sends the relevant rules to the firewall, and the firewall responds by stopping the intrusion. The system uses a server host with a NetFPGA board; the server host and the NetFPGA board communicate via a PCI slot.

Secondly, this paper discusses the improvement of the pattern matching algorithm applied in the security prevention system. Since security filtering and detection in this system involve a great deal of pattern matching, different pattern matching algorithms are designed according to the characteristics of the software and the hardware.

Subsequently, this paper introduces the implementation of every functional module. The content consists of three parts: first, the intrusion detection module, implemented in software on the server host; second, the design of the hardware/software interface; third, the implementation of the firewall function module in the Verilog hardware description language on the NetFPGA card.

In conclusion, a design for a NetFPGA-based embedded security prevention system is proposed. The structure of a server host with a NetFPGA card is used. Packet filtering and content detection are implemented on the NetFPGA. Software on the protected host takes charge of configuration, rule updates and the implementation of the intrusion detection system. The NetFPGA works with the host via the PCI interface. Furthermore, the combination of the firewall with the intrusion detection system is accomplished. The results show that the embedded security protection system reacts accurately and pertinently and is fit for practical use.
Keywords/Search Tags: Network Security, Intrusion Detection, Firewall, FPGA