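| Graduate student: | 唐錦為 Jin-Wei, Tang |
|---|---|
| Thesis title: | A System-Level Simulation Framework for Performance Evaluation of Hardware-Based Network Intrusion Detection Systems |
| Advisor: | 鍾葉青 Yeh-Ching, Chung |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science |
| Year of publication: | 2007 |
| Academic year of graduation: | 95 |
| Language: | English |
| Number of pages: | 25 |
| Keywords (Chinese): | network intrusion detection system, electronic system level, pattern matching |
| Keywords (English): | intrusion detection system, electronic system level, pattern matching |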

The network intrusion detection system (NIDS) is a popular security tool that protects computers from attacks by malicious users. A hardware-based NIDS uses several hardware accelerators to increase performance, but traditional design methodology cannot keep up with the rapidly growing design complexity of SoC design. In this thesis, we propose a system-level simulation framework based on an ESL (Electronic System Level) tool, ARM RealView SoC Designer. The proposed framework can verify an NIDS early and makes it easy to evaluate the performance of various architectures. Based on this framework, we implement two cases, the software-based MyIDS and the hardware-based HASH HPMM (hardware pattern matching module), and compare their performance with Snort. The experimental results show that the simulation framework can easily evaluate the performance of an NIDS and quickly find a better design.