Research On Key Technologies For Deep Analysis System Of Network Traffic By Software And Hardware Co-Design

Posted on: 2023-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: P Zhang
GTID: 2558307061450644
Subject: Cyberspace security
Abstract/Summary:
The rapid development of network infrastructure and the rapid growth of network bandwidth bring convenience to people's work and life, but also bring more network security problems. The increasing variety and complexity of malicious traffic in the network environment pose more and more challenges to intrusion detection/defense facilities. In order to maintain the stability of the network environment and protect the security of network assets, it is important to improve the processing capability of the intrusion detection/defense system under high-speed networks. The deep packet inspection (DPI) system is an important part of the intrusion detection system, and how to improve the performance of the DPI system has become an important research direction. The traditional DPI system is mostly implemented in software, but in recent years the growth of general-purpose CPU processing power has been slowing down, so the software approach is increasingly unable to match the growth rate of network traffic. Hardware acceleration devices represented by ASICs and FPGAs are highly parallel and have natural advantages in performing pattern matching, providing new ideas for improving the performance of deep packet inspection. In this thesis, the overall structure and key technologies of a DPI system based on software and hardware co-design are studied. Specifically, the main work of this thesis is as follows.

(1) The architecture of a DPI system based on software and hardware co-design is proposed. By analyzing real traffic and summarizing its actual characteristics, a software and hardware collaborative processing model with level-by-level filtering is adopted, and the overall design of the software and hardware collaborative DPI engine architecture is proposed. The system proposed in this thesis combines the flexibility of software and the high performance of hardware. Compared with the existing software-hardware DPI system Pigasus, this thesis offloads part of the regular expression matching task to hardware, thus effectively improving the overall throughput rate of the system.

(2) The Xilinx U200 accelerator card is used to implement the key modules of the software and hardware DPI system, including a high-speed Ethernet interface module and a multi-pattern matching module. The Ethernet interface module is capable of sending and receiving messages at line speeds of up to 100 Gbps. The multi-pattern matching module can achieve a throughput rate of 60 Gbps, filtering out most of the harmless traffic and sending only about 11% of the packets on to regular expression matching, thus reducing the processing pressure on the regular expression matching module.

(3) The design and implementation of the regular expression matching engine (FRA-FPGA) are completed. The reconfiguration capability of the regular expression matching engine is especially critical for software and hardware co-designed DPI engines. The reconfiguration time of FRA-FPGA is only 1 microsecond, while existing regular expression matching engines that support reconfiguration can reconfigure in as little as milliseconds. In this thesis, FRA-FPGA is used for real-time offloading of Hyperscan complex rules, which improves the performance of Hyperscan by 16 times (stream mode) and 33 times (block mode) with only 4.23% more logic resources and 16.64% more storage resources consumed by the FPGA.

The proposed software-hardware co-designed DPI system adopts a level-by-level filtering processing mode, which reduces the processing burden of the complex regular expression matching module and reduces the resource requirement of the hardware accelerator. In addition, software-hardware collaboration in the regular expression matching phase is realized with the help of a regular expression matching engine that supports fast reconfiguration, which improves the overall system throughput while retaining the flexibility of the system.
Keywords/Search Tags:DPI, Software-Hardware co-design, Regular Expression Match, FPGA