基于FPGA的抗網(wǎng)絡(luò)攻擊關(guān)鍵技術(shù)研究
發(fā)布時間:2018-11-09 11:39
【摘要】:網(wǎng)絡(luò)安全問題一直伴隨著計算機網(wǎng)絡(luò)的發(fā)展,隨著互聯(lián)網(wǎng)應(yīng)用的不斷擴展和網(wǎng)絡(luò)帶寬的不斷提高,基于硬件的網(wǎng)絡(luò)安全防護(hù)技術(shù)作為最有效的訪問控制手段,在性能不斷提升的同時也針對不同的應(yīng)用領(lǐng)域發(fā)展新的架構(gòu),如專用集成電路(ASIC)、網(wǎng)絡(luò)處理器(NP)、現(xiàn)場可編程門陣列(FPGA)等;贔PGA的網(wǎng)絡(luò)安全防護(hù)技術(shù)具有可編程、擴展性好、設(shè)計周期短等特點,可以有效地根據(jù)不同應(yīng)用領(lǐng)域設(shè)計專用的安全控制策略。 本文設(shè)計了一種基于FPGA的網(wǎng)絡(luò)安全防護(hù)平臺,并在此基礎(chǔ)上開展抗網(wǎng)絡(luò)攻擊關(guān)鍵技術(shù)的研究。論文介紹了FPGA網(wǎng)絡(luò)安全平臺的硬件系統(tǒng)架構(gòu),詳細(xì)討論了網(wǎng)絡(luò)通信電路與FPGA系統(tǒng)的電路原理。針對不同網(wǎng)絡(luò)攻擊手段的特點,將網(wǎng)絡(luò)單向傳輸控制、協(xié)議及內(nèi)容過濾歸一化為數(shù)據(jù)包過濾問題,給出了RTL代碼的架構(gòu),并詳細(xì)介紹了網(wǎng)卡芯片驅(qū)動模塊、基于CAM的數(shù)據(jù)包過濾引擎以及半雙工調(diào)度機制的設(shè)計方法。采用層次化的方法對雙向數(shù)據(jù)轉(zhuǎn)發(fā)、網(wǎng)絡(luò)安全防護(hù)等功能分步測試,給出了每個步驟的測試系統(tǒng)、測試方法與結(jié)果分析。 實驗結(jié)果表明,本文設(shè)計的FPGA網(wǎng)絡(luò)安全防護(hù)平臺能夠?qū)崿F(xiàn)網(wǎng)絡(luò)數(shù)據(jù)的轉(zhuǎn)發(fā)與處理,不同安全防護(hù)策略下的測試結(jié)果驗證了本文設(shè)計的基于數(shù)據(jù)包過濾引擎的網(wǎng)絡(luò)安全防護(hù)架構(gòu)的有效性。
[Abstract]:Network security has been accompanied by the development of computer network. With the continuous expansion of Internet applications and the continuous improvement of network bandwidth, hardware-based network security protection technology is the most effective means of access control. At the same time, new architectures have been developed for different application fields, such as (NP), Field Programmable Gate Array (FPGA) of ASIC (ASIC), network processor and so on. The network security protection technology based on FPGA has the characteristics of programmable, good expansibility and short design period, so it can effectively design special security control strategy according to different application fields. In this paper, a network security protection platform based on FPGA is designed, and the key technologies against network attack are studied. The hardware architecture of FPGA network security platform is introduced in this paper. The circuit principle of network communication circuit and FPGA system is discussed in detail. According to the characteristics of different network attack methods, the network one-way transmission control, protocol and content filtering are normalized to packet filtering. The structure of RTL code is given, and the driving module of network card chip is introduced in detail. The design method of packet filtering engine and half duplex scheduling mechanism based on CAM. The functions of bidirectional data forwarding and network security protection are tested step by hierarchical method. The test system, test method and result analysis of each step are given. The experimental results show that the FPGA network security protection platform designed in this paper can transmit and process the network data. The test results under different security strategies verify the effectiveness of the proposed network security protection architecture based on packet filtering engine.
【學(xué)位授予單位】:天津大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2014
【分類號】:TP393.08
本文編號:2320304
[Abstract]:Network security has been accompanied by the development of computer network. With the continuous expansion of Internet applications and the continuous improvement of network bandwidth, hardware-based network security protection technology is the most effective means of access control. At the same time, new architectures have been developed for different application fields, such as (NP), Field Programmable Gate Array (FPGA) of ASIC (ASIC), network processor and so on. The network security protection technology based on FPGA has the characteristics of programmable, good expansibility and short design period, so it can effectively design special security control strategy according to different application fields. In this paper, a network security protection platform based on FPGA is designed, and the key technologies against network attack are studied. The hardware architecture of FPGA network security platform is introduced in this paper. The circuit principle of network communication circuit and FPGA system is discussed in detail. According to the characteristics of different network attack methods, the network one-way transmission control, protocol and content filtering are normalized to packet filtering. The structure of RTL code is given, and the driving module of network card chip is introduced in detail. The design method of packet filtering engine and half duplex scheduling mechanism based on CAM. The functions of bidirectional data forwarding and network security protection are tested step by hierarchical method. The test system, test method and result analysis of each step are given. The experimental results show that the FPGA network security protection platform designed in this paper can transmit and process the network data. The test results under different security strategies verify the effectiveness of the proposed network security protection architecture based on packet filtering engine.
【學(xué)位授予單位】:天津大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2014
【分類號】:TP393.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前5條
1 楊柳;鐘誠;呂婉琪;張瑩;唐印滸;姬鑫;;一種高效的安全數(shù)據(jù)包過濾算法[J];蘭州大學(xué)學(xué)報(自然科學(xué)版);2012年04期
2 張永錚;肖軍;云曉春;王風(fēng)宇;;DDoS攻擊檢測和控制方法[J];軟件學(xué)報;2012年08期
3 肖軍;韓黨群;儲海燕;畢楊;;基于ARM的嵌入式TCP/IP協(xié)議的實現(xiàn)[J];現(xiàn)代電子技術(shù);2009年02期
4 顧華詳;;中國信息安全面臨的挑戰(zhàn)及法治策略探討[J];中國浦東干部學(xué)院學(xué)報;2010年04期
5 劉浩然;廖聰;;對Ping命令的代碼級分析研究[J];現(xiàn)代計算機(專業(yè)版);2009年03期
,本文編號:2320304
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2320304.html
最近更新
教材專著
