Abstract
In intrusion detection, improving pattern-matching algorithms yields only limited gains in detection speed and is not a fundamental solution to the problem. This paper designs a prototype of a hardware-based intrusion detection system. The system replaces the software strategy of traditional intrusion detection with a hardware strategy based on a network processor, implementing the main tasks of intrusion detection, such as data collection and filtering, packet scheduling, and multi-pattern matching, in hardware. These are all implemented on an FPGA, and hardware and custom instructions can be added as needed to improve system performance. Tests show that the system's performance is significantly better than that of traditional methods, and that it resolves the speed bottleneck in intrusion detection well.
Source
《微计算机信息》
2009, Issue 23, pp. 143-144, 147 (3 pages in total)
Control & Automation