| Graduate student: | 朱彥豪 Yan-Hao Chu |
|---|---|
| Thesis title: | 以NetFPGA實作結合布隆過濾器與改良式Karp Rabin演算法之網路惡意封包偵測器 Using NetFPGA to Implement Bloom Filter And Modified Karp Rabin Algorithm Based Network Intrusion Detector |
| Advisor: | 陳奕明 Yi-Ming Chen |
| Oral defense committee: | |
| Degree: | 碩士 Master |
| Department: | College of Management - Department of Information Management |
| Academic year of graduation: | 98 |
| Language: | Chinese |
| Number of pages: | 63 |
| Keywords (Chinese): | NetFPGA, Bloom filter, intrusion detection system, modified Karp-Rabin algorithm |
| Keywords (English): | Intrusion Detection, NetFPGA, Modified Karp Rabin Algorithm, Bloom Filter |

With the rapid growth of the Internet, the number of networked applications increases day by day, and network security receives more and more attention as networks become widespread. Signature-based network intrusion detection systems have therefore become an indispensable basic protection. However, most current network intrusion detection systems are implemented in software, which is no longer adequate now that networks have entered the era of high-speed transmission. Payload content matching also requires more computation than header matching, and it has become the bottleneck of software-based matching.

This research uses the NetFPGA platform, developed by Stanford University in cooperation with Xilinx, to design a malicious network packet detector that achieves fast matching. ICs designed on an FPGA offer speed, parallel matching, and rapid prototyping, but the resources available on the platform are limited, and the signature database must be updated continually for matching to remain effective. This research therefore inspects packet headers with a decision tree to reduce circuit resource consumption, and then builds multi-string matching groups, following the structure of the header matching, to match packet payloads. In each string group, a Bloom filter filters out payload content that is not suspected of being malicious, and a modified Karp-Rabin algorithm reduces the false positive rate inherent in the Bloom filter while also achieving multi-pattern matching. Experiments show that this design does achieve fast and effective matching with fewer resources.