| 高速包分类平台的FPGA设计 |
| |
| 引用本文: | 李晶皎,许哲万,王爱侠,陈勇.高速包分类平台的FPGA设计[J].东北大学学报(自然科学版),2012,33(8):1115-1119. |
| |
| 作者姓名: | 李晶皎 许哲万 王爱侠 陈勇 |
| |
| 作者单位: | 1. 东北大学信息科学与工程学院,辽宁沈阳,110819
2. 东北大学信息科学与工程学院,辽宁沈阳110819 金日成综合大学计算机科学大学,朝鲜平壤999093 |
| |
| 基金项目: | 国家自然科学基金资助项目,辽宁省博士启动基金资助项目 |
| |
| 摘 要: | 在网络安全系统中,基于软件的包分类系统受处理器性能与软件串行执行等因素影响,包分类速度有限.为了提高包分类和规则预处理的速度并快速适应规则的更新,本文用硬件电路与通过预规则处理生成的二叉树结构,设计并实现了基于FPGA的包分类系统.实验结果显示:50 000个规则的预处理时间不超过0.051 s;系统的包分类平均速度大于10 Gbit/s,Snort入侵检测系统的规则头的分类平均速度大于20 Gbit/s.
|
| 关 键 词: | 包分类 FPGA 二叉树 入侵检测系统 网络安全 |
Design of Speed Packet Classification System Based on FPGA |
| |
| LI Jing-jiao,HO Chol-man,WANG Ai-xia,CHEN Yong.Design of Speed Packet Classification System Based on FPGA[J].Journal of Northeastern University(Natural Science),2012,33(8):1115-1119. |
| |
| Authors: | LI Jing-jiao HO Chol-man WANG Ai-xia CHEN Yong |
| |
| Institution: | 1(1.School of Information Science & Engineering,Northeastern University,Shenyang 110819,China;2.School of Computer Science,Kim Il Sung University,Pyongyang 999093,D.P.R of Korea.) |
| |
| Abstract: | In the network security system,there is a limitation on the speed of software-based packet classification due to the processor performance,the serial program execution and so on.In order to improve the speed of packet classification and pre-processing for rules,and adapt to the rules updated quickly,a packet classification system based on FPGA was designed and implemented using hardware circuit and the binary tree structure generated through the pre-processing for rules.The experimental results show that the pre-processing time for 50 000 rules is shorter than 0.051 s,the average speed of packet classification is bigger than 10 Gbit/s and the average speed of rule-header classification for Snort IDS is bigger than 20 Gbit/s. |
| |
| Keywords: | packet classification FPGA binary tree IDS(intrusion detection system) network security |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《东北大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《东北大学学报(自然科学版)》下载免费的PDF全文 |
|
