| Summary: | 碩士 === 國立中央大學 === 資訊工程研究所 === 99 === With the rapid development of Internet, the network security is increasing attention. Network intrusion detection system is to achieve the important security protection for the malicious packets on the network . However, many current
network intrusion detection system that is implemented on the software
applications which become the bottleneck when the network speed has improved rapidly and need to detect on the network. So many of the hardware implementation on the way also have been proposed.
This study by Stanford University that developed in collaboration with Xilinx platform NetFPGA malicious network packet detection system to achieve the effect on the network, although the IC design on the FPGA are faster, parallel comparison
of the features, but the platform can use of limited resources, which led to the number of database features are limited. In the current network intrusion detection system hardware implementation, not only cost intensive but also because of the hardware circuit for the exact match for the string reduces network throughput, this study proposed a modified Bloom filter build on the set of different
characteristics than the string length groups for fast comparison on packet payload. Because Bloom filters through to compare the incidence of false positives will result, so this study also for the general filter and our proposed
Bloom filter for improving false positive rate on the analysis to minimize false positives occur.
|
|---|
