Journal of Northeastern University (Natural Science) ›› 2012, Vol. 33 ›› Issue (8): 1115-1119.


Design of a high-speed packet classification system based on FPGA

Li, Jing-Jiao (1); Ho, Chol-Man (1); Wang, Ai-Xia (1); Chen, Yong (1)

  1. (1) School of Information Science and Engineering, Northeastern University, Shenyang 110819, China; (2) School of Computer Science, Kim Il Sung University, Pyongyang 999093, Korea, People's Democratic Rep
  • Received: 2013-06-19 Revised: 2013-06-19 Published: 2013-04-04
  • Contact: Ho, C.-M.
  • Supported by:
    National Natural Science Foundation of China (60970157)

Abstract: In network security systems, the speed of software-based packet classification is limited by factors such as processor performance and serial program execution. To speed up packet classification and rule pre-processing, and to adapt quickly to rule updates, a packet classification system based on FPGA was designed and implemented using hardware circuits and a binary tree structure generated by pre-processing the rules. The experimental results show that the pre-processing time for 50 000 rules does not exceed 0.051 s, the average packet classification speed is greater than 10 Gbit/s, and the average classification speed for the rule headers of the Snort intrusion detection system (IDS) is greater than 20 Gbit/s.

Keywords: packet classification, FPGA, binary tree, intrusion detection system, network security
