文档介绍:Abstract
String Matching Mechanism is widely used to work device, such as policy-based routing, network intrusion detection systems (NIDS), network monitoring systems, differentiated qualities of service and packets classification and traffic billing systems. With fast development of the , the weakness of the present String Matching Mechanism has been exposed. Traditional devices are using software string matching which has a low matching ability. And they cannot be used in Gigabyte or 10-work. The speed of string match has e the further development bottleneck of work devices, such as intrusion detection and packet classification. Hardware realizations of string matching are in necessity for these devices.
This paper accords two hardware string matching algorithms for intrusion detection device and classification device separately. The research methods of this paper are: (1) Analyze the characters of intrusion detection system and packet classification system. (2) Extract the requirements of the string matching algorithms for the two applications separately. (3) Design and implement two string matching algorithms according to the requirements and hardware character. (4) Verify the two implementations on mon verification system pare the result with existing designs. And embody the advantages of the new algorithms.
In the aspect work intrusion detection, the article presents a string matching bined with Bloom Filter and AC algorithm, which can do packets deep inspection. In the aspect of packet classification, the article also presents an improved Bloom Filter algorithm, which can classify streams by application layer. The first algorithm can process packets in the and the second one can process packets in the work. By contrast with traditional software method, they greatly increase the ability of processing of work device. And they are improved at low power consumption and resource usage.
These designs have been implemented in a FPGA chip that is embedded