Research And Application Of The Flow Filtration Key Technology In The High-speed Network

With the development of the network, the illegal information of the network threats the network’s security seriously.Therefore, it is necessary to filter the harmful information which violates the security policy.Traditional filtering techniques filter the data based on the packet header while more and more harmful information is often hidden in data content. The traditional filtering technology is not the effective solution to this problem. Since the regular expression has rich and flexible expression ability, the regular expression can be used as a key filtering technique to filter the network traffic which contains unsafe information.While converting regular expression rules into DFA, the problem of "Space explosion" which consumes a lot of memory space is inevitable. It is unable to store the DFA in the hardware memory directly and effectively. So we need to compress the state space so that it can consume less memory space. As the parellel features of the FPGA hardware and filtering data consumes a large amount of computing power, it is suitable for using FPGA to handle large amounts of data streams. Some research has been done on regex-based filtering technologies of the high-speed network flow, which is implemented on the NetFPGA-10G platform.Primary innovative contributions can be summarized as follows:First of all, it puts forward a cluster-based clustering and run-length encoding regular expression compression algorithm. In order to solve the "Space explosion" problem,A DFA algorithm based on Clustering, named ClusterFA, was proposed. However, it is difficult to take the ideal value for the number of groups for clusterFA algorithm. The numbers in each line of the class center vector table, which is also named CommonTable, is continously repeated. In order to further improve the clusterFA compression ratio, a new solution named En_ClusterFA is put forward:it extracts the same head and tail section between lines of the CommonTable as part of the index table, and then uses the run-length coding technique to code the Continuously repeated numbers. Compared with the ClusterFA algorithm, the compression ratio of the En_ClusterFA improves by an average of 4%.2) With the advantages of En_ClusterFA algorithm and the accelerated parallel features of FPGA, a high-speed network flow filtration system based on NetFPGA-10G platform is designed and implemented:it uses the exact string matching and the DFA engine to identify and filter the network flows, and then transmit them to the data buffer of the kernel driver. Finally, the network flows are copied to the user space directly. In order to verify the exact string match engine and DFA engine, the number of packets filtered by the hardware is counted, and then displayed on the user interface. The experimental results verify the correctness of the algorithm.