| With the rapid development of information technology, the internet has become the mostimportant information channels and communication platforms of the homes and enterprises.Then a variety of network security issues followed, and the hacker’s network intrusiontechnology is more and more high-end. Therefore, people have increasing requirements fornetwork security products. It has been difficult to obtain satisfactory results by relying entirelyon traditional single network security protection technology. Therefore, the design of a securityproduct which integrated a variety of security technologies has great significance.The paper focused on network security defending technology and its hardwareimplementation. First, analyze the state detection technology and IP packet format of variety IPpackets, summed up the state detection processes of TCP, UDP, and ICMP packet. Then,introduce the common intrusion detection technology; give deeply analysis on the matchingtechnology in the misuse intrusion detection technology and the flow defending technology inanomaly intrusion detection technology.Base on the above two techniques, the paper builds a model of a network security defendingsystem. The model includes five modules which are the package preprocessing module, thedetection module, the audit module, data storage module and Response module. Detectionmodule is consisted by the matching detection sub-module, the state detection sub-module, TTLdetection sub-module, IP packet flow detection sub-module and the SYN detection sub-module.The paper gives deeply analysis on the FPGA implementation of these modules. Thenvalidate the model on FPGA hardware platform. Finally, the functional and performance test areexecuted by the use of a instrument named SmartBits. The test results proved that the systemfunctions properly, and has a good network performance in100M package flow environment. |
PDF Full Text Request