【摘要】 对网络中流通的数据进行截获分析是限制和打击网络黑客和网络犯罪的重要手段。然而目前基于有限状态机的截获算法由于实现成本和复杂度的限制,吞吐量较低,难以满足网络核心级的截获速度要求。该文以高速无感截获为目标,利用基于BCAM(b inary con ten t access ib le m em ory)的非状态机结构提出了一种可实现无感截获的高效易行方案。该方案从减少系统成本和实现复杂度出发,通过原创性地采用BCAM避开了设计状态机所需的复杂硬件结构,使方案更简洁高效,同时降低了系统成本,实现了汉字的高速过滤截获,能满足网络核心级,例如O c48链路速度(即2.5G b/s)无感截获系统的要求。更多还原

【Abstract】 The imperceptible capture mechanism on IP packages is an important approach to ensure network security.Finite state machines(FSM)-based capture systems are time-consuming so they can not meet the requirements of gigabit line rates.An efficient binary content accessible memory(BCAM)-based mechanism was used to develop a stateless high-speed imperceptible packet capture system instead of the conventional FSM solutions.The mechanism not only reduces the system cost,but also enhances the processing speed which improves the overall performance so that the system can be used with a core level(e.g.,Oc48 wire-speed) packet capture system.更多还原