application of netfpga in network security hao chen 2/25/2011
Post on 21-Dec-2015
214 views
TRANSCRIPT
![Page 1: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/1.jpg)
Application of NetFPGA in Network Security
Hao Chen2/25/2011
![Page 2: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/2.jpg)
Introduction to Shrew DDoS Attacks
•DDoS attacks : Distributed Denial of Service attacks
•Shrew DDoS Attacks: Low rate TCP targeted DDoS Attacks
![Page 3: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/3.jpg)
Power Spectral Density (PSD) Based Analysis•Performing PSD analysis is computing
intensive•Adopt hardware implementation
▫NetFPGA based shrew DDoS attack detector
![Page 4: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/4.jpg)
A NetFPGA Board• Network + FPGA (Field Programmable Gate Arrays)
▫ Fits into standard PCI or PCI-X slot Standard Bus: 32 bits, 33 MHz
▫ Provides interfaces for processing network packets 4 Gigabit Ethernet Ports
▫ Allows hardware-accelerated processing Implemented with FPGA Logic
![Page 5: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/5.jpg)
The Block Diagram of NetFPGA
![Page 6: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/6.jpg)
A NetFPGA System
Networking Software Running on a standard PC
A hardware accelerator built with FPGA driving Gigabit network links
![Page 7: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/7.jpg)
Our Rackmount NetFPGA Server
![Page 8: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/8.jpg)
A NetFPGA Based Router
![Page 9: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/9.jpg)
Architecture of Reference Router• Five stages
▫ Input▫ Input arbitration▫Routing decision and
packet modification▫Output queuing▫Output
• Packet-based module interface
• Pluggable design
![Page 10: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/10.jpg)
Inter-Module Communication
![Page 11: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/11.jpg)
Modifying Reference Router Pipeline
![Page 12: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/12.jpg)
Modifying Reference Router Pipeline
Power Spectral Density (PSD) Based Shrew DDoS
Attack Detector
![Page 13: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/13.jpg)
Overall Shrew DDoS Attack Detection Development Environment
NetFGPA w Custom DDoS
ShrewTraffic Generator
NetFPGA Box 1
Producer
NetFPGA Box 2 Reference Router w
Shrew DDoS Detector
NetFGPA w Custom DDoS
ShrewDetector
NetFPGA Box 3
Consumer
NetFGPA w Reference NIC
NetFPGA Reference
Router
Shrew Packet Counter IF
Autocorrelation
DFT Threshold Detector
Shrew DDoSAttack DetectedDebug Interface
1 msec TCP Count samples
![Page 14: Application of NetFPGA in Network Security Hao Chen 2/25/2011](https://reader035.vdocuments.us/reader035/viewer/2022062714/56649d5f5503460f94a3f017/html5/thumbnails/14.jpg)
Questions?