數據與結果

第五章實驗數據與結果

5.3 數據與結果

PF1 (Gbps) PF1_NMB (Gbps)

# of

patterns

Min Max Aver. Min Max Aver.

patterns

Min Max Aver. Min Max Aver.

第五章實驗數據與結果

1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

The number of patterns

1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

The number of patterns

The number of suspicious patterns

圖-5.5：PF1 與 PF1_NMB 所抓到的可疑字樣個數

第五章實驗數據與結果

表-5.3：PF1 與 PF1_NMB 之搜尋視窗平均移動次數和平均移動的位元組個數 Random files

(PF1/PF1_NMB) Real files (PF1/PF1_NMB)

# of

1,000

1334.2/1358.8 6.130/6.021 1307.7/1326.7 6.256/6.167

2,000

1459.6/1537.6 5.606/5.322 1410.3/1484.7 5.800/5.509

3,000

1562.6/1726 5.236/4.740 1494.3/1616.3 5.474/5.061

4,000

1672.8/1930 4.890/4.238 1583.3/1816.7 5.166/4.504

5,000

1773.2/2147.8 4.612/3.808 1663.0/1988.7 4.920/4.114

6,000

1872.6/2386.4 4.368/3.428 1755.3/2221.7 4.661/3.686

7,000

1953.8/2577.2 4.187/3.174 1836.0/2366.0 4.456/3.460

8,000

2051.2/2807.4 3.988/2.914 1926.7/2509.0 4.246/3.263

9,000

2135.4/3004.4 3.831/2.723 1981.7/2665.7 4.129/3.072

10,000

2209.8/3217.2 3.702/2.543 2060.0/2869.7 3.971/2.857

PF1：random PF1_NMB：random PF1：real PF1_NMB：real

1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

The number of patterns

The number of shift bytes

圖-5.6：PF1 與 PF1_NMB 的平均移動的位元組個數表現

第五章實驗數據與結果

PF2 (Gbps) PF2_NMB (Gbps)

# of

patterns

Min Max Aver. Min Max Aver.

patterns

Min Max Aver. Min Max Aver.

第五章實驗數據與結果

PF1 & PF2：random PF1_NMB & PF2_NMB：random PF1 & PF2：real PF1_NMB & PF2_NMB：real

2.780

1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

The number of patterns

1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 The number of patterns

第五章實驗數據與結果

表-5.6：PF2 與 PF2_NMB 之搜尋視窗平均移動次數和平均移動的位元組個數 Random files

(PF2/PF2_NMB) Real files (PF2/PF2_NMB)

# of

1,000

1334.2/1358.8 6.130/6.021 1307.7/1326.7 6.256/6.167

2,000

1459.6/1537.6 5.606/5.322 1410.3/1484.7 5.800/5.509

3,000

1562.6/1726 5.236/4.740 1494.3/1616.3 5.474/5.061

4,000

1672.8/1930 4.890/4.238 1583.3/1816.7 5.166/4.504

5,000

1773.2/2147.8 4.612/3.808 1663.0/1988.7 4.920/4.114

6,000

1872.6/2386.4 4.368/3.428 1755.3/2221.7 4.661/3.686

7,000

1953.8/2577.2 4.187/3.174 1836.0/2366.0 4.456/3.460

8,000

2051.2/2807.4 3.988/2.914 1926.7/2509.0 4.246/3.263

9,000

2135.4/3004.4 3.831/2.723 1981.7/2665.7 4.129/3.072

10,000

2209.8/3217.2 3.702/2.543 2060.0/2869.7 3.971/2.857

PF1 & PF2：random PF1_NMB & PF2_NMB：random

1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

The number of patterns

第六章結論

我們可以看到原先依演算法所設計之預先過濾器可操作於 170 MHz 的頻率之上。在生產量方面，最高可近 2.9 Gbps(當字樣集合內僅有 1000 隻字樣)，最差也有近 1.7 Gbps(當字樣集合內僅有 10,000 隻字樣)，這個結果達到了我們預先設定之目標，這使得我們的每一個單位面積可提供的生產量最差亦有約 0.24 Gbps/BlockRAM；在偵測可疑字樣的個數方面，由於我們僅用一個雜湊函數去代表 MQM7 之結果，這使得誤報率居高不下，造成驗證器過於忙碌，使其整體系統生產量無法上來。因此，我們設計出了 PF2 版本，主要改善誤報率並盡量維持現有的生產量的表現。

PF2 版本可操作於 170 MHz 的頻率之上。在生產量方面，最高可近 2.9 Gbps(當字樣集合內僅有 1000 隻字樣)，最差也有近 1.7 Gbps(當字樣集合內僅有 10,000 隻字樣)，這個結果與 PF1 的生產量表現相同，但在偵測可疑字樣的個數方面，由於我們用了兩個雜湊函數去代表 MQM7 之結果，這使得誤報率大幅下降，最高的級差約 37 倍，這意味著所偵測可疑字樣的個數僅是 PF1 的 1

37 (在字樣集合內有 1000 隻字樣時，PF1 偵測可疑字樣的個數為 74，PF2 偵測可疑字樣的個數為 2)。

PF3 版本可操作於 84.5 MHz 的頻率之上。此版本為基於 PF2 的偵測可疑字樣的個數之表現下，改善其功率之消耗。若以 PF1 為基準，PF3 的功率表現上大幅降低了 75%，但付出了在生產量上的表現，約僅剩 51%。

參考文獻

[1] D. Knuth, J. Morris and V. Pratt, “Fast pattern matching in strings,” TR CS-74-440, Stanford University, Stanford California, 1974

[2] R. S. Boyer and J. S. Moore. “A Fast String Searching Algorithm,” Comm. of the ACM, vol. 20, issue 10, pp.762-772, Oct. 1977.

[3] S. Wu and U. Manber, “A fast algorithm for multi-pattern searching," Tech. Rep.

TR94-17, Dept. Comput. Sci., Univ. Arizona, May 1994.

[4] A. Aho and M. Corasick, “Efficient string matching: An aid to bibliographic search,” Comm. of the ACM, vol. 18, issue 6, pp.333-343, Jun. 1975.

[5] S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood, “Deep packet inspection using parallel bloom filters,” Symposium on High-Performance Interconnect (HotI), Stanford, CA, pp. 44-51, Aug. 2003.

[6] L. Tan and T. Sherwood, “A high throughput string matching architecture for intrusion detection and prevention,” 32nd Annual International Symposium on Computer Architecture, pp. 112-122, 2005.

[7] R. Sidhu and V. K. Prasanna, “Fast regular expression matching using FPGAs,”

IEEE Symposium on Field Programmable Custom Computing Machines (FCCM), Rohnert Park, CA, 2001.

[8] Clam anti virus signature database, www.clamav.net.

[9] T.H. Ptacek, T.N. Newsham, “Insertion, Evasion, and Denial of Service:

Eluding Network Intrusion Detection”, Secure Networks Inc. Report, January 1998

[10] L. Tan and T. Sherwood, “Architectures for Bit-Split String Scanning in Intrusion Detection,” IEEE Micro, Vol.26, pp. 110-117, 2006

[11] N. Tuck, T. Sherwood, B. Calder, and G. Varghese, “Deterministic memory-efficient string matching algorithms for intrusion detection,” IEEE Infocom 2004, pp. 333-340.

[12] T. H. Lee and J. C. Liang, “A high-performance memory-efficient pattern matching algorithm and its implementation,” IEEE Tencon, Hong-Kong, 2006.

[13] L. Tan and T. Sherwood, “A high throughput string matching architecture for intrusion detection and prevention,” 32nd Annual International Symposium on Computer Architecture, pp. 112-122, 2005

[14] Y. Sugawara, M. Inaba and K. Hiraki, “Over 10Gbps string matching mechanism for multi-stream packet scanning systems,” Field Programmable Logic and Application, Vol. 3203, Sep. 2004, pp. 484-493.

[15] C. R. Clark, D. E. Schimmel. “Scalable Pattern Matching for High Speed Networks.” Proc. of 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'04), 2004

附錄一各合成器合成之結果

附錄一

各合成器合成(Synthesize)之結果

一、使用 Xilinx ISE 8.1i 內建合成器(Synthesizer)，XST

1. PF1 Timing Summary:

---

Speed Grade: -6

Minimum period:

5.886ns

(Maximum Frequency:

169.909MHz

) Minimum input arrival time before clock: 3.072ns

Maximum output required time after clock: 6.503ns Maximum combinational path delay: No path found

Timing Detail:

---

All values displayed in nanoseconds (ns)

===========================================================

Timing constraint: Default period analysis for Clock 'clk_p' Clock period: 5.886ns (frequency: 169.909MHz) Total number of paths / destination ports: 2026 / 181

---

Delay: 5.886ns (Levels of Logic = 16) Source: hashgen/B_5 (FF)

Destination: input_contr/PF2TextAddr_10 (FF) Source Clock: clk_p rising

Destination Clock: clk_p rising

Data Path: hashgen/B_5 to input_contr/PF2TextAddr_10

附錄一各合成器合成之結果 LUT4_L:I2->LO 1 0.313 0.128 input_contr/InContr_02_xo<0>64 (input_contr/InContr_02_xo<0>_map1001) LUT4:I2->O 1 0.313 0.506 input_contr/InContr_02_xo<0>109 (input_contr/addr_text<2>)

Minimum period:

4.968ns

(Maximum Frequency:

201.303MHz

) Minimum input arrival time before clock: 3.063ns

Maximum output required time after clock: 6.049ns Maximum combinational path delay: No path found

Timing Detail:

附錄一各合成器合成之結果

All values displayed in nanoseconds (ns)

===========================================================

Timing constraint: Default period analysis for Clock 'clk_p' Clock period: 4.968ns (frequency: 201.303MHz) Total number of paths / destination ports: 1713 / 171

---

Delay: 4.968ns (Levels of Logic = 14) Source: input_contr/PF2TextAddr_12 (FF) Destination: input_contr/PF2TextAddr_10 (FF) Source Clock: clk_p rising

Destination Clock: clk_p rising

Data Path: input_contr/PF2TextAddr_12 to input_contr/PF2TextAddr_10 Gate Net

附錄一各合成器合成之結果

Minimum input arrival time before clock: 3.072ns Maximum output required time after clock: 6.503ns Maximum combinational path delay: No path found

Timing Detail:

---

All values displayed in nanoseconds (ns)

===========================================================

Timing constraint: Default period analysis for Clock 'clk_p' Clock period: 5.886ns (frequency: 169.909MHz) Total number of paths / destination ports: 1949 / 181

---

Delay: 5.886ns (Levels of Logic = 16) Source: hashgen/B_5 (FF)

Destination: input_contr/PF2TextAddr_10 (FF) Source Clock: clk_p rising

Destination Clock: clk_p rising

Data Path: hashgen/B_5 to input_contr/PF2TextAddr_10 Gate Net LUT4_L:I2->LO 1 0.313 0.128 input_contr/InContr_02_xo<0>64 (input_contr/InContr_02_xo<0>_map1001) LUT4:I2->O 1 0.313 0.506 input_contr/InContr_02_xo<0>109 (input_contr/addr_text<2>)

LUT2_D:I1->LO 2 0.313 0.000 input_contr/InContr__n0002<0>lut (N1460)

MUXCY:S->O 1 0.377 0.000 input_contr/InContr__n0002<0>cy (input_contr/InContr__n0002<0>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0002<1>cy (input_contr/InContr__n0002<1>_cyo)

附錄一各合成器合成之結果 Minimum input arrival time before clock: 3.063ns

Maximum output required time after clock: 6.049ns Maximum combinational path delay: No path found

Timing Detail:

---

All values displayed in nanoseconds (ns)

===========================================================

Timing constraint: Default period analysis for Clock 'clk_p' Clock period: 4.968ns (frequency: 201.303MHz) Total number of paths / destination ports: 1712 / 171

---

Delay: 4.968ns (Levels of Logic = 14) Source: input_contr/PF2TextAddr_12 (FF) Destination: input_contr/PF2TextAddr_10 (FF) Source Clock: clk_p rising

Destination Clock: clk_p rising

附錄一各合成器合成之結果

Data Path: input_contr/PF2TextAddr_12 to input_contr/PF2TextAddr_10 Gate Net

Minimum period:

11.583ns

(Maximum Frequency:

86.337MHz

) Minimum input arrival time before clock: 3.090ns

Maximum output required time after clock: 7.288ns Maximum combinational path delay: No path found

Timing Detail:

附錄一各合成器合成之結果

All values displayed in nanoseconds (ns)

===========================================================

Timing constraint: Default period analysis for Clock 'clk_p' Clock period: 11.583ns (frequency: 86.337MHz) Total number of paths / destination ports: 180092 / 324

---

Delay: 11.583ns (Levels of Logic = 22) Source: textram/textram2 (RAM) Destination: input_contr/PF2TextAddr_10 (FF) Source Clock: clk_p rising

Destination Clock: clk_p rising

Data Path: textram/textram2 to input_contr/PF2TextAddr_10 Gate Net

Cell:in->out fanout Delay Delay Logical Name (Net Name)

--- ---

RAMB16_S9_S9:CLKA->DOA4 6 1.500 0.640 textram/textram2 (textram/textram2data_A<4>) LUT3_L:I1->LO 1 0.313 0.000 textram/Text2PFData<12>1111_F (N1581)

MUXF5:I0->O 6 0.340 0.667 textram/Text2PFData<12>1111 (text2pfdata<12>) LUT4:I0->O 3 0.313 0.495 hashgen/HashGen_05_xo<2>1 (hashgen/xo_hash1/_n0018) LUT4:I2->O 15 0.313 0.761 hashgen/HashGen_025_xo<5>1_1 (hashgen/HashGen_025_xo<5>1) LUT3:I2->O 1 0.313 0.440 hashgen/MQMOut<4>32_SW0 (N1360)

LUT4_L:I3->LO 1 0.313 0.000 hashgen/MQMOut<4>1261_F (N1625) MUXF5:I0->O 8 0.340 0.678 hashgen/MQMOut<4>1261 (mqmout<4>)

LUT4:I1->O 1 0.313 0.418 input_contr/InContr_addr_text<2>_xor126_SW0 (N1382)

LUT4_L:I2->LO 1 0.313 0.128 input_contr/InContr_addr_text<2>_xor164 (input_contr/InContr_addr_text<2>_xor1_map563) LUT4:I2->O 1 0.313 0.506 input_contr/InContr_addr_text<2>_xor1109 (input_contr/addr_text<2>)

LUT2_L:I1->LO 2 0.313 0.000 input_contr/InContr__n0003<0>lut (input_contr/N6)

MUXCY:S->O 1 0.377 0.000 input_contr/InContr__n0003<0>cy (input_contr/InContr__n0003<0>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0003<1>cy (input_contr/InContr__n0003<1>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0003<2>cy (input_contr/InContr__n0003<2>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0003<3>cy (input_contr/InContr__n0003<3>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0003<4>cy (input_contr/InContr__n0003<4>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0003<5>cy (input_contr/InContr__n0003<5>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0003<6>cy (input_contr/InContr__n0003<6>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0003<7>cy (input_contr/InContr__n0003<7>_cyo) MUXCY:CI->O 1 0.041 0.000 input_contr/InContr__n0003<8>cy (input_contr/InContr__n0003<8>_cyo)

附錄一各合成器合成之結果

MUXCY:CI->O 0 0.041 0.000 input_contr/InContr__n0003<9>cy (input_contr/InContr__n0003<9>_cyo) XORCY:CI->O 1 0.868 0.000 input_contr/InContr__n0003<10>_xor (input_contr/_n0003<10>) FDCE:D 0.234 input_contr/PF2TextAddr_10

Minimum period:

11.530ns

(Maximum Frequency:

86.734MHz

) Minimum input arrival time before clock: 3.087ns

Maximum output required time after clock: 7.288ns Maximum combinational path delay: No path found

Timing Detail:

---

All values displayed in nanoseconds (ns)

===========================================================

Timing constraint: Default period analysis for Clock 'clk_p' Clock period: 11.530ns (frequency: 86.734MHz) Total number of paths / destination ports: 162365 / 317

Destination Clock: clk_p rising

Data Path: textram/textram0 to input_contr/PF2TextAddr_10 Gate Net

Cell:in->out fanout Delay Delay Logical Name (Net Name)

--- ---

附錄一各合成器合成之結果

LUT3_L:I1->LO 1 0.313 0.000 textram/Text2PFData<25>1111_F (N1568) MUXF5:I0->O 8 0.340 0.705 textram/Text2PFData<25>1111 (text2pfdata<25>) LUT4:I0->O 8 0.313 0.612 hashgen/HashGen_024_xo<1>1_SW0 (N1337)

LUT4:I3->O 4 0.313 0.514 hashgen/HashGen_024_xo<1>1_1 (hashgen/HashGen_024_xo<1>1) LUT4:I2->O 1 0.313 0.440 hashgen/mqm_A<6>27 (hashgen/mqm_A<6>_map2167) LUT4:I3->O 3 0.313 0.517 hashgen/mqm_A<6>112 (mqmout<6>)

LUT4_D:I3->LO 1 0.313 0.243 input_contr/InContr_addr_text<2>_xor128_SW0 (N1619) LUT2:I0->O 1 0.313 0.440 input_contr/InContr_addr_text<2>_xor164_SW0 (N1374)

LUT4_L:I3->LO 1 0.313 0.128 input_contr/InContr_addr_text<2>_xor164 (input_contr/InContr_addr_text<2>_xor1_map2203) LUT4:I2->O 1 0.313 0.506 input_contr/InContr_addr_text<2>_xor1108 (input_contr/addr_text<2>)

LUT2_L:I1->LO 2 0.313 0.000 input_contr/InContr__n0003<0>lut (input_contr/N6)

---

Total 11.530ns (6.823ns logic, 4.707ns route) (59.2% logic, 40.8% route)

二、使用 Synplicity 公司的合成器，Synplify Pro 8.6.2

1. PF1

Performance Summary

*******************

附錄一各合成器合成之結果 Note: 'No paths' indicates there are no paths in the design for that pair of clock edges.

'Diff grp' indicates that paths exist but the starting clock and ending clock are in different clock groups.

附錄一各合成器合成之結果

Note: 'No paths' indicates there are no paths in the design for that pair of clock edges.

'Diff grp' indicates that paths exist but the starting clock and ending clock are in different clock groups.

3. PF2

Performance Summary

*******************

Worst slack in design: 0.034

Requested Estimated Requested Estimated Clock Clock Starting Clock Frequency Frequency Period Period Slack Type Group

---

System | clk_p 161.0 MHz 161.9 MHz 6.211 6.177 0.034 inferred Inferred_clkgroup_0

======================================================================================

Clock Relationships

*******************

Clocks | rise to rise | fall to fall | rise to fall | fall to rise

---

Starting Ending | constraint slack | constraint slack | constraint slack | constraint slack ---

'Diff grp' indicates that paths exist but the starting clock and ending clock are in different clock groups.

4. PF2_NMB Performance Summary

*******************

Worst slack in design: 0.084

Requested Estimated Requested Estimated Clock Clock Starting Clock Frequency Frequency Period Period Slack Type Group

---

System | clk_p 161.0 MHz 163.2 MHz 6.211 6.128 0.084 inferred Inferred_clkgroup_0

======================================================================================

附錄一各合成器合成之結果

Clock Relationships

*******************

Clocks | rise to rise | fall to fall | rise to fall | fall to rise

---

Starting Ending | constraint slack | constraint slack | constraint slack | constraint slack ---

'Diff grp' indicates that paths exist but the starting clock and ending clock are in different clock groups.

5. PF3

Performance Summary

*******************

Worst slack in design: -1.553

Requested Estimated Requested Estimated Clock Clock Starting Clock Frequency Frequency Period Period Slack Type Group

---

System | clk_p 100.0 MHz 86.6 MHz 10.000 11.553 -1.553 inferred Inferred_clkgroup_0

======================================================================================

Clock Relationships

*******************

Clocks | rise to rise | fall to fall | rise to fall | fall to rise

---

Starting Ending | constraint slack | constraint slack | constraint slack | constraint slack ---

'Diff grp' indicates that paths exist but the starting clock and ending clock are in different clock groups.

6. PF3_NMB Performance Summary

附錄一各合成器合成之結果

Worst slack in design: -1.190

Requested Estimated Requested Estimated Clock Clock Starting Clock Frequency Frequency Period Period Slack Type Group

---

System | clk_p 100.0 MHz 89.4 MHz 10.000 11.190 -1.190 inferred Inferred_clkgroup_0

======================================================================================

Clock Relationships

*******************

Clocks | rise to rise | fall to fall | rise to fall | fall to rise

---

Starting Ending | constraint slack | constraint slack | constraint slack | constraint slack ---

'Diff grp' indicates that paths exist but the starting clock and ending clock are in different clock groups.

在文檔中使用FPGA實現應用於網路安全之可延展的字樣比對架構 (頁 54-74)

第五章 實驗數據與結果

5.3 數據與結果

Min Max Aver. Min Max Aver.

Min Max Aver. Min Max Aver.

(PF1/PF1_NMB) Real files (PF1/PF1_NMB)

1,000

2,000

3,000

4,000

5,000

6,000

7,000

8,000

9,000

10,000

Min Max Aver. Min Max Aver.

Min Max Aver. Min Max Aver.

(PF2/PF2_NMB) Real files (PF2/PF2_NMB)

1,000

2,000

3,000

4,000

5,000

6,000

7,000

8,000

9,000

10,000

第六章 結 論

參 考 文 獻

附 錄 一

各合成器合成(Synthesize)之結果

一、 使用 Xilinx ISE 8.1i 內建合成器(Synthesizer)，XST

---

5.886ns

169.909MHz

---

===========================================================

---

4.968ns

201.303MHz

===========================================================

---

---

===========================================================

---

---

===========================================================

---

11.583ns

86.337MHz

===========================================================

---

--- ---

11.530ns

86.734MHz

---

===========================================================

--- ---

二、 使用 Synplicity 公司的合成器，Synplify Pro 8.6.2

第五章實驗數據與結果

第六章結論

參考文獻

附錄一

一、使用 Xilinx ISE 8.1i 內建合成器(Synthesizer)，XST

二、使用 Synplicity 公司的合成器，Synplify Pro 8.6.2