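Affiliations: [1] School of Information Engineering, University of Science and Technology Beijing, Beijing 100083 [2] Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190 [3] Wuxi City Cloud Computing Center Co., Ltd., Wuxi 214315
Source: Computer Science (《计算机科学》), 2013, Issue 3, pp. 68-73, 103 (7 pages)
Funding: Supported by the National Natural Science Foundation of China (61070026)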
Abstract: As network bandwidth continuously increases, network security is seriously threatened by malicious behaviors and risks. A network intrusion detection system (NIDS), which employs pattern matching techniques to analyze incoming packets and detect potential threats, is one of the efficient measures to cope with intrusion threats and protect information security. However, pattern matching is such a compute-intensive task that most current techniques cannot meet the demand of NIDS for backbone networks above 10 Gbps. We propose a novel Bloom-filter-based approach to pattern matching, called PBPM (Parallel-Bloom-filter-based multi-Pattern Matching). PBPM employs multiple copies of the same Bloom filter to carry out parallel matching on different positions of the input text at the same time. This fine-grained parallel approach is able to skip multiple characters per clock when implemented on FPGAs, dramatically improving pattern matching performance. The implementation on FPGA is discussed in detail. Experimental results on the rule set from Snort 2.9 show that the throughput of PBPM exceeds 20 Gbps.
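Keywords: multi-pattern matching; string matching; Bloom filter; PBPM; NIDS
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]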