1 / 14

Application of NetFPGA in Network Security

Application of NetFPGA in Network Security. Hao Chen 2/25/2011. Introduction to Shrew DDoS Attacks. DDoS attacks : Distributed Denial of Service attacks Shrew DDoS Attacks: Low rate TCP targeted DDoS Attacks. Power Spectral Density (PSD) Based Analysis.

catori
Télécharger la présentation

Application of NetFPGA in Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Application of NetFPGA in Network Security Hao Chen 2/25/2011

  2. Introduction to Shrew DDoS Attacks • DDoSattacks : Distributed Denial of Service attacks • Shrew DDoSAttacks: Low rate TCP targeted DDoS Attacks

  3. Power Spectral Density (PSD) Based Analysis • Performing PSD analysis is computing intensive • Adopt hardware implementation • NetFPGA based shrew DDoS attack detector

  4. A NetFPGA Board • Network + FPGA (Field Programmable Gate Arrays) • Fits into standard PCI or PCI-Xslot • Standard Bus: 32 bits, 33 MHz • Provides interfaces for processing network packets • 4 Gigabit Ethernet Ports • Allows hardware-accelerated processing • Implemented with FPGA Logic

  5. The Block Diagram of NetFPGA

  6. A NetFPGA System Networking Software Running on a standard PC A hardware accelerator built with FPGA driving Gigabit network links

  7. Our RackmountNetFPGA Server

  8. A NetFPGA Based Router

  9. Architecture of Reference Router • Five stages • Input • Input arbitration • Routing decision and packet modification • Output queuing • Output • Packet-based module interface • Pluggable design

  10. Inter-Module Communication

  11. Modifying Reference Router Pipeline

  12. Modifying Reference Router Pipeline Power Spectral Density (PSD) Based Shrew DDoS Attack Detector

  13. Overall Shrew DDoS Attack Detection Development Environment NetFPGA Box 2 Reference Router w Shrew DDoS Detector NetFPGA Box 1 Producer NetFPGA Box 3 Consumer NetFGPA w Reference NIC NetFGPA w Custom DDoS Shrew Traffic Generator NetFGPA w Custom DDoS Shrew Detector NetFPGA Reference Router 1 msec TCP Count samples Shrew DDoS Attack Detected Shrew Packet Counter IF Debug Interface Autocorrelation DFT Threshold Detector

  14. Questions?

More Related