Download
application of netfpga in network security n.
Skip this Video
Loading SlideShow in 5 Seconds..
Application of NetFPGA in Network Security PowerPoint Presentation
Download Presentation
Application of NetFPGA in Network Security

Application of NetFPGA in Network Security

200 Vues Download Presentation
Télécharger la présentation

Application of NetFPGA in Network Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Application of NetFPGA in Network Security Hao Chen 2/25/2011

  2. Introduction to Shrew DDoS Attacks • DDoSattacks : Distributed Denial of Service attacks • Shrew DDoSAttacks: Low rate TCP targeted DDoS Attacks

  3. Power Spectral Density (PSD) Based Analysis • Performing PSD analysis is computing intensive • Adopt hardware implementation • NetFPGA based shrew DDoS attack detector

  4. A NetFPGA Board • Network + FPGA (Field Programmable Gate Arrays) • Fits into standard PCI or PCI-Xslot • Standard Bus: 32 bits, 33 MHz • Provides interfaces for processing network packets • 4 Gigabit Ethernet Ports • Allows hardware-accelerated processing • Implemented with FPGA Logic

  5. The Block Diagram of NetFPGA

  6. A NetFPGA System Networking Software Running on a standard PC A hardware accelerator built with FPGA driving Gigabit network links

  7. Our RackmountNetFPGA Server

  8. A NetFPGA Based Router

  9. Architecture of Reference Router • Five stages • Input • Input arbitration • Routing decision and packet modification • Output queuing • Output • Packet-based module interface • Pluggable design

  10. Inter-Module Communication

  11. Modifying Reference Router Pipeline

  12. Modifying Reference Router Pipeline Power Spectral Density (PSD) Based Shrew DDoS Attack Detector

  13. Overall Shrew DDoS Attack Detection Development Environment NetFPGA Box 2 Reference Router w Shrew DDoS Detector NetFPGA Box 1 Producer NetFPGA Box 3 Consumer NetFGPA w Reference NIC NetFGPA w Custom DDoS Shrew Traffic Generator NetFGPA w Custom DDoS Shrew Detector NetFPGA Reference Router 1 msec TCP Count samples Shrew DDoS Attack Detected Shrew Packet Counter IF Debug Interface Autocorrelation DFT Threshold Detector

  14. Questions?