A Framework for Rule Processing in Reconfigurable Network Systems

  • Authors: Michael Attig; John Lockwood
  • Affiliations: Washington University in Saint Louis; Washington University in Saint Louis
  • Venue: FCCM '05 Proceedings of the 13th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
  • Year: 2005


Abstract

High-performance rule processing systems are needed by network administrators in order to protect Internet systems from attack. Researchers have been working to implement components of intrusion detection systems (IDS), such as the highly popular Snort system, in reconfigurable hardware. While considerable progress has been made in the areas of string matching and header processing, complete systems have not yet been demonstrated that effectively combine all of the functionality necessary to perform rule processing for network systems. In this paper, a framework for implementing a rule processing system in reconfigurable hardware is presented. The framework integrates the functionality to scan data flows for regular expressions, fixed strings, and header values. It also allows modules to be added to perform extended functionality to support all features found in Snort rules. Reconfigurability and flexibility are key components of the framework that enable it to adapt to protect Internet systems from threats including malicious worms, computer viruses, and network intruders. To prove the framework viable, a system has been built that scans all bytes of Transmission Control Protocol/Internet Protocol (TCP/IP) traffic entering and leaving a network's gateway at multi-gigabit rates. Using Xilinx FPGA hardware on the Field Programmable Port eXtender (FPX) platform, the framework can process 32,768 complex rules at data rates of 2.5 Gbps. Systems to handle data at 10 Gbps rates can be built today using the same framework in the latest reconfigurable hardware devices such as the Virtex 4.