| Summary: | 碩士 === 國立清華大學 === 資訊工程學系 === 94 === Regular expressions are widely used in Network Intrusion Detection System (NIDS) to represent attack patterns. Previously, many hardware architectures have been proposed to accelerate regular expression matching. In this thesis, we concentrate on two hardware architectures. One uses reconfigurable logic module on FPGA because FPGA allows for updating new attack patterns. The other uses memory-based algorithm. For the first logic-based architecture, because of increasing number of attacks, we need to accommodate large number of regular expressions on FPGA. Although the minimization of logic equations has been studied intensively in the area of computer-aided design (CAD), the minimization of multiple regular expressions has been largely neglected. This thesis presents a novel sharing architecture allowing our algorithm to extract and share common sub-regular expressions. Experimental results show that our sharing scheme significantly reduces the area of regular expression pattern matching circuits. For the second memory-based architecture, this thesis presents a novel sharing mechanism allowing our algorithm to share common sub-patterns resulting in the significant reduction of memory.
|
|---|
