A case for two-way skewed-associative caches
ISCA '93 Proceedings of the 20th annual international symposium on computer architecture
Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
Self-similarity in World Wide Web traffic: evidence and possible causes
Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
IEEE/ACM Transactions on Networking (TON)
Self-similarity and heavy tails: structural modeling of network traffic
A practical guide to heavy tails
Proceedings of the seventeenth ACM symposium on Operating systems principles
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Performance Evaluation with Heavy Tailed Distributions
JSSPP '01 Revised Papers from the 7th International Workshop on Job Scheduling Strategies for Parallel Processing
Efficient packet classification for network intrusion detection using FPGA
Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays
SPANIDS: a scalable network intrusion detection loadbalancer
Proceedings of the 2nd conference on Computing frontiers
Fast hash table lookup using extended bloom filter: an aid to network processing
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
SIFT: Snort Intrusion Filter for TCP
HOTI '05 Proceedings of the 13th Symposium on High Performance Interconnects
Efficient filtering support for high-speed network intrusion detection
Efficient filtering support for high-speed network intrusion detection
Denial of service via algorithmic complexity attacks
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Worms vs. perimeters: the case for hard-LANs
HOTI '04 Proceedings of the High Performance Interconnects, 2004. on Proceedings. 12th Annual IEEE Symposium
SANE: a protection architecture for enterprise networks
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
Proceedings of the 14th ACM conference on Computer and communications security
DPICO: a high speed deep packet inspection engine using compact finite automata
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
The input-aware dynamic adaptation of area and performance for reconfigurable accelerator
Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
A scalable multi-core aware software architecture for high-performance network monitoring
Proceedings of the 2nd international conference on Security of information and networks
ACM Transactions on Information and System Security (TISSEC)
Per flow packet sampling for high-speed network monitoring
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
Slimming down Deep packet inspection systems
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Scalable network virtualization using FPGAs
Proceedings of the 18th annual ACM/SIGDA international symposium on Field programmable gate arrays
The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Distributed intrusion detection with intelligent network interfaces for future networks
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
State of the Practice Reports
A high-performance and scalable multi-core aware software solution for network monitoring
The Journal of Supercomputing
Deep packet inspection tools and techniques in commodity platforms: Challenges and trends
Journal of Network and Computer Applications
A regular expression matching engine with hybrid memories
Computer Standards & Interfaces
Hi-index | 0.00 |
The sophistication and complexity of analysis performed by today's network intrusion prevention systems (IPSs) benefits greatly from implementation using general-purpose CPUs. Yet the performance of such CPUs increasingly lags behind that necessary to process today's high-rate traffic streams. A key observation, however, is that much of the traffic comprising a high-volume stream can, after some initial analysis, be qualified as "likely uninteresting." To this end, we have developed an in-line, FPGA-based IPS ac-celerator, the Shunt, using the NetFPGA2 platform. The Shunt functions as the forwarding device used by the IPS; it alone processes the bulk of the traffic, offloading the memory bus and leaving the CPU free to inspect the subset of the traffic deemed germane for security analysis. To do so, the Shunt maintains several large state tables indexed by packet header fields, including IP/TCP flags, source and destination IP addresses, and connection tuples. The tables yield decision values the element makes on a packet-by-packet basis: forward the packet, drop it, or divert it through the IPS. By manipulating table entries, the IPS can specify the traffic it wishes to examine, directly block malicious traffic, and "cut through" traffic streams once it has had an opportunity to "vet" them, all on a fine-grained basis. We base our design on a novel series of caches, with a "fail safe" miss policy, coupled to a host PC to handle both cache management and higher level IPS analysis. The design requires only 2 MB of SRAM for its extensive caches, and can sup-port four Gbps Ethernets on a single Virtex 2 Pro 30.