A dynamically reconfigured multi-FPGA network platform for high-speed malware collection

Authors:
Sascha Mühlbach;Andreas Koch
Affiliations:
Secure Things Group, Center for Advanced Security Research Darmstadt, Darmstadt, Germany;Department of Computer Science, Embedded Systems and Applications Group, Technische Universität Darmstadt, Darmstadt, Germany
Venue:
International Journal of Reconfigurable Computing - Special issue on Selected Papers from the International Conference on Reconfigurable Computing and FPGAs (ReConFig'10)
Year:
2012

Citing 12
Cited 1

Reprogrammable network packet processing on the field programmable port extender (FPX)

FPGA '01 Proceedings of the 2001 ACM/SIGDA ninth international symposium on Field programmable gate arrays
DynaCORE — A Dynamically Reconfigurable Coprocessor Architecture for Network Processors

PDP '06 Proceedings of the 14th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing
NetFPGA--An Open Platform for Gigabit-Rate Network Switching and Routing

MSE '07 Proceedings of the 2007 IEEE International Conference on Microelectronic Systems Education
A Hybrid Ring/Mesh Interconnect for Network-on-Chip Using Hierarchical Rings for Global Routing

NOCS '07 Proceedings of the First International Symposium on Networks-on-Chip
Migrating a HoneyDepot to Hardware

SECUREWARE '07 Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies
Bitstream Encryption and Authentication Using AES-GCM in Dynamically Reconfigurable Systems

IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Analysis of a reconfigurable network processor

IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Customizing virtual networks with partial FPGA reconfiguration

ACM SIGCOMM Computer Communication Review
MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot Using Reconfigurable Technology

FPL '10 Proceedings of the 2010 International Conference on Field Programmable Logic and Applications
A Dynamically Reconfigured Network Platform for High-Speed Malware Collection

RECONFIG '10 Proceedings of the 2010 International Conference on Reconfigurable Computing and FPGAs
A Scalable Multi-FPGA Platform for Complex Networking Applications

FCCM '11 Proceedings of the 2011 IEEE 19th Annual International Symposium on Field-Programmable Custom Computing Machines
The nepenthes platform: an efficient approach to collect malware

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Decentralized control for dynamically reconfigurable FPGA systems

Microprocessors & Microsystems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Malicious software has become a major threat to computer users on the Internet today. Security researchers need to gather and analyze large sample sets to develop effective countermeasures. The setting of honeypots, which emulate vulnerable applications, is one method to collect attack code. We have proposed a dedicated hardware architecture for honeypots which allows both high-speed operation at 10Gb/s and beyond and offers a high resilience against attacks on the honeypot infrastructure itself. In this work, we refine the base NetStage architecture for better management and scalability. Using dynamic partial reconfiguration, we can now update the functionality of the honeypot during operation. To allow the operation of a larger number of vulnerability emulation handlers, the initial single-device architecture is extended to scalable multichip systems. We describe the technical aspects of these modifications and show results evaluating an implementation on a current quad-FPGA reconfigurable computing platform.