Design of Network Intrusion Detection System Based on FPGA
|School||Harbin Engineering University|
|Course||Computer System Architecture|
|Keywords||Intrusion Detection System FPGA MicroBlaze FSL|
With the rapid development of the Internet and the increasing of the internet bandwidth, network security has increasingly becoming a big problem. People need the performance of network security to be more excellent and Intrusion Detection System to be more efficient. Network-based Intrusion Detection System Based on FPGA is an important research direction of IDS and IDS realized by hardware is still the main parts of market.In the traditional FPGA-based Intrusion Detection System, it is mostly achieved by software to capturing data from network and its performance is generally not high. By studying FPGA-based Intrusion Detection System, this thesis designed a part of Intrusion Detection System which is based on FPGA to realize its network data-capturing module. When network flow is high, software-based network packet capturing program will loss some packets, and to meet the demand of high-speed network, this paper designs a data-capturing program based on Gigabit Ethernet MAC. The IDS designed in this paper uses a regular expression matching engine based on FPGA and detects data in parallel mode to improve the system performance. It uses MicroBlaze to be control unit, and uses Fast Simple Links to achieve data communication within the system. It improves the driver of FSL buses and realizes memory mapping mechanism to promoting the performance of the Intrusion Detection System. This system consists of eight modules, including the data-capturing module based on hardware, the data analysis module, the matching engine module and so on. Data is captures by data-capturing module and through the analysis, then to be detected by mating engine. The result of mating is transferred to response module by the FSL bus to response.By the experiment, the Intrusion Detection System designed in this paper could effectively detects network intrusions, and is suitable for modern high-speed network environment.