Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Field programmable gate array-based (FPGA-based) intrusion detection system and method

An intrusion detection system and detection method technology, applied in the field of network security, can solve the problems of small capacity, high price, poor resource utilization, etc.

Inactive Publication Date: 2012-07-11
NORTHEASTERN UNIV
View PDF3 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, its resource utilization rate is relatively poor, and some special methods must be used to achieve the purpose of resource sharing.
Based on CAM, the string matching algorithm implemented by TCAM has a fast matching speed, but its price is quite expensive, its capacity is small, and its power consumption is large, so it is only suitable for small-scale rule bases.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Field programmable gate array-based (FPGA-based) intrusion detection system and method
  • Field programmable gate array-based (FPGA-based) intrusion detection system and method
  • Field programmable gate array-based (FPGA-based) intrusion detection system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0070] The present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

[0071] This embodiment adopts a development board based on Cyclone II series FPGA chips, and the system uses Quartus II9.0 as a software development tool.

[0072] figure 1 It is a system block diagram of the present invention, including Ethernet driver circuit, FPGA, data buffer, hash memory, serial port driver circuit and host computer, wherein, the FPGA block diagram is as figure 2 As shown, the model of the FPGA chip is Cyclone II series EP2C70F896C6N, which is the controller of the system and controls the operation of the system; the Ethernet driver chip used is DM9000A, which controls the sending and receiving of system Ethernet data; the data buffer is capacity It is 512K*38 SSRAM chip IS61LPS51236A-200TQL, which stores the intermediate data of system operation; the hash memory is composed of two 16M*16 SDRAM memories, which store the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a field programmable gate array-based (FPGA-based) intrusion detection system and a FPGA-based intrusion detection method and belongs to the technical field of network security. The invention is characterized in that FPGA-based intrusion detection method is designed and realized; the processing performance is promoted by a realization mode of a hardware circuit; packet classification is realized by selecting a binary tree structure packet classification algorithm; character matching is realized by adopting an exclusive or (XOR) Hash algorithm which is suitable for FPGA processing; the rule updating is realized through performing addition or correction on the basis of the original intrusion rule realization logic; and Hash collision is eliminated through a method of performing independent matching on the Hash collision.

Description

technical field [0001] The invention belongs to the technical field of network security, in particular to an FPGA-based intrusion detection system and method. Background technique [0002] As the network security is paid more and more attention, the intrusion detection system as the core technology and implementation difficulty of network security is also more and more concerned by people. The intrusion detection system includes two parts: character matching and packet classification. [0003] At present, the two parts of character matching and packet classification in intrusion security mainly adopt hardware and software methods at home and abroad. Among them, software-based matching algorithms include BM algorithm, Aho-Corasick algorithm, AC-BM improved algorithm, etc., whose processing speed is relatively slow, and it is difficult to meet the requirements of current network development. The more popular one based on hardware is the processing method based on FPGA. Using...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/26H04L29/06
Inventor 李晶皎陈勇许哲万
Owner NORTHEASTERN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products