This paper presents a pattern matching system that based on FPGA. This paper uses DM9000A to receive network data and uses Snort rule and HashMem function to match pattern. With software simulation the conflict pattern string of Snort rules found out and processed separately. So, conflict can be high-speed solved. The experimental results show that when processing more Snort rules, the system resource consumption increased very little, throughput is not affected, which has more advantage compared to the performance of traditional systems.%设计了一种基于FPGA的模式匹配系统,通过Verilog HDL语言实现系统主体;采用开源的Snort规则,选用由“异或”运算组成的适合FPGA处理的HashMem函数进行模式匹配;通过软件预处理找出Snort中的冲突模式串进行单独匹配从而用硬件方法解决冲突.硬件电路采用DM9000A网络控制器接收网络数据.实验结果显示,当处理的Snort规则数增多时,系统资源消耗低,吞吐量稳定,相比于传统系统随着规则数增加性能下降的特性,此系统更具优势.
展开▼
