Packet filtering in high speed networks
Proceedings of the tenth annual ACM-SIAM symposium on Discrete algorithms
A Scalable High Throughput Firewall in FPGA
FCCM '08 Proceedings of the 2008 16th International Symposium on Field-Programmable Custom Computing Machines
Resiliency of open-source firewalls against remote discovery of last-matching rules
Proceedings of the 2nd international conference on Security of information and networks
Hi-index | 0.00 |
Packet filtering is core functionality in many academic and corporate network systems. Firewalls use a rule database to decide which packets will be allowed from one network onto another thereby implementing a security policy. With the introduction of new types of services and applications there is a growing demand for larger bandwidth and also for improved security. Both demands are in conflict since providing security partly relies on screening packet traffic, which implies a considerable overhead. In such a scenario as LAN and WAN speeds are becoming comparable, a single firewall can become a bottleneck and reduces the overall throughput of the network. A firewall with heavy load and limited processing power, which is supposed to be a first line of defence against attacks, becomes susceptible to Denial of Service (DoS) attacks. Many research groups have proposed different methods to improve efficiency and throughput to optimize firewalls. This paper presents and analyse various parallel implementations of packet filtering running on cost effective GPGPU. We describe an approach to efficiently exploit the massively parallel capabilities of the GPGPU.