The present invention relates to a method for matching a high-speed snort rule and yara rule based on FPGA, which comprises: a rule conversion step of converting a snort rule and a yara rule in a detection rule converter, and storing a fixed pattern and a PCRE pattern in a memory on a hardware board; a pattern matching step of receiving a packet input from a network on the basis of the converted rule, and performing packet parsing in a packet FIFO and a high-speed packet processing module to separately perform matching with the fixed pattern and the PCRE pattern; a hash matching step of receiving a header value and a payload of the packet from the packet parsing to reconfigure a file, storing the same in a memory in an FPGA, and matching the same with hash values stored based on an additionally inputted packet to generate a mitigation control signal in a detection result processing module; and a packet forwarding step of reading the packet from the packet FIFO to determine whether to mitigate the packet, and continuously generating packet dropping and packet forwarding.
展开▼
