HARDWARE ACCELERATION FOR POWER EFFICIENT DEEP PACKET INSPECTION
作者: Yachao Zhou
DOI:
关键词:
摘要: The rapid growth of the Internet leads to a massive spread malicious attacks like viruses and malwares, making safety online activity major concern. use Network Intrusion Detection Systems (NIDS) is an effective method safeguard Internet. One key procedure in NIDS Deep Packet Inspection (DPI). DPI can examine contents packet take actions on packets based predefined rules. In this thesis, mainly discussed context security applications. However, also be used for bandwidth management network surveillance. DPI inspects whole payload, due complexity inspection rules, algorithms consume significant amounts resources including time, memory energy. aim thesis design hardware accelerated methods energy efficient high-speed DPI. The patterns payloads, especially complex patterns, efficiently represented by regular expressions, which translated Deterministic Finite Automata (DFA). DFA are fast but very large with certain kinds expressions. proposed transition compressions DFAs. In work, Bloom filters implement FPGA acceleration parallel architecture. Furthermore, devoted at balance power performance, adaptive filter designed capability adjusting number active hash functions according current workload. addition, given implementation both two-stage multi-stage platforms. Nevertheless, false positive rates still prevents from extensive utilization; cache-based counting presented work get rid positives precise matching. Finally, future order estimate effect savings, models will built routers DPI, analyze latency impact dynamic frequency adaption traffic. Besides, low system single or multiple engines. Results evaluation model produced future.
参考文章(79)
Yutaka Sugawara, Mary Inaba, Kei Hiraki, Over 10Gbps String Matching Mechanism for Multi-stream Packet Scanning Systems field-programmable logic and applications. pp. 484- 493 ,(2004) , 10.1007/978-3-540-30117-2_50
Nick McKeown, Yiannis Yiakoumis, Srini Seetharaman, Sujata Banerjee, Brandon Heller, Priya Mahadevan, Puneet Sharma, ElasticTree: saving energy in data center networks networked systems design and implementation. pp. 17- 17 ,(2010) , 10.5555/1855711.1855728
Henk C. Tijms, A First Course in Stochastic Models ,(2003)
Mark A. Franklin, Tilman Wolf, Power Considerations in Network Processor Design Network Processor Design#R##N#Issues and Practices Volume 2. pp. 29- 50 ,(2004) , 10.1016/B978-012198157-0/50005-2
Sylvia Ratnasamy, Sergiu Nedevschi, David Wetherall, Lucian Popa, Gianluca Iannaccone, Reducing network energy consumption via sleeping and rate-adaptation networked systems design and implementation. pp. 323- 336 ,(2008)
Graham A. Stephen, String Searching Algorithms ,(1994)
Fang Yu, R.H. Katz, T.V. Lakshman, Gigabit rate packet pattern-matching using TCAM international conference on network protocols. pp. 174- 183 ,(2004) , 10.1109/ICNP.2004.1348108
Zachary K. Baker, Viktor K. Prasanna, Automatic synthesis of efficient intrusion detection systems on FPGAs field-programmable logic and applications. pp. 311- 321 ,(2004) , 10.1007/978-3-540-30117-2_33
Flavio Bonomi, Michael Mitzenmacher, Rina Panigrahy, Sushil Singh, George Varghese, An Improved Construction for Counting Bloom Filters Lecture Notes in Computer Science. pp. 684- 695 ,(2006) , 10.1007/11841036_61
R. Sidhu, V.K. Prasanna, Fast Regular Expression Matching Using FPGAs field-programmable custom computing machines. pp. 227- 238 ,(2001) , 10.1109/FCCM.2001.22