Specialized Hardware for Deep Network Packet Filtering
作者: Young H. Cho , Shiva Navab , William H. Mangione-Smith
关键词:
摘要: Many computer network provide limited security through simple firewall feature in router and switch. Some networks that require higher use deep packet filter to capture packets can not be detected by firewall. Deep filters list of rules for determining safety packets. There is a high degree parallelism processing these because each rule represent independent pattern matching process. We find the underlying architecture existing software hardware firewalls do fully take advantage this parallelism. Thus, we design filtering on field programmable gate array (FPGA) while retaining its programmability. Our implementation capable over 2.88 gigabits per second stream an Altera EP20K series FPGA without manual optimization.
springer.com
core.ac.uk
acm.org 
sci-hub.st 参考文章(13)
Michael J. S. Smith, Hamish Fallside, Internet Connected FPL field programmable logic and applications. pp. 48- 57 ,(2000) , 10.1007/3-540-44614-1_6
A. Dollas, D. Pnevmatikatos, N. Aslamides, S. Kavvadias, E. Sotiriades, K. Papademetriou, Rapid prototyping of a reusable 4/spl times/4 active ATM switch core with the PCI Pamette rapid system prototyping. pp. 17- 23 ,(2001) , 10.1109/IWRSP.2001.933833
Marios Iliopoulos, Theodore Antonakopoulos, Reconfigurable Network Processors Based on Field Programmable System Level Integrated Circuits field programmable logic and applications. pp. 39- 47 ,(2000) , 10.1007/3-540-44614-1_5
Julia Allen, Alan Christie, William Fithen, John McHugh, Jed Pickel, State of the Practice of Intrusion Detection Technologies Defense Technical Information Center. ,(2000) , 10.21236/ADA375846
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks usenix large installation systems administration conference. pp. 229- 238 ,(1999)
R. Sidhu, V.K. Prasanna, Fast Regular Expression Matching Using FPGAs field-programmable custom computing machines. pp. 227- 238 ,(2001) , 10.1109/FCCM.2001.22
Raymond Sinnappan, Scott Hazelhurst, A Reconfigurable Approach to Packet Filtering Field-Programmable Logic and Applications. pp. 638- 642 ,(2001) , 10.1007/3-540-44687-7_70
John McHugh, Alan Christie, Julia Allen, Defending Yourself: The Role of Intrusion Detection Systems IEEE Software. ,vol. 17, pp. 42- 51 ,(2000) , 10.1109/52.877859
J.T. McHenry, P.W. Dowd, F.A. Pellegrino, T.M. Carrozzi, W.B. Cocks, An FPGA-based coprocessor for ATM firewalls field programmable custom computing machines. pp. 30- 39 ,(1997) , 10.1109/FPGA.1997.624602
Florian Braun, John Lockwood, Marcel Waldvogel, Reconfigurable Router Modules Using Network Protocol Wrappers field programmable logic and applications. pp. 254- 263 ,(2001) , 10.1007/3-540-44687-7_27