Introduction to Intrusion Detection Systems. All incoming packets are filtered for specific characteristics or content Databases have thousands of patterns.

Slides:

Advertisements

Similar presentations

Deep Packet Inspection: Where are We? CCW08 Michela Becchi.

Advertisements

Faculty of Sciences and Technology University of Algarve, Faro João M. P. Cardoso April 30, 2001 IEEE Symposium on Field-Programmable Custom Computing.

FPGA (Field Programmable Gate Array)

Multi-dimensional Packet Classification on FPGA: 100Gbps and Beyond

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

Massively Parallel Cuckoo Pattern Matching Applied For NIDS/NIPS  Author: Tran Ngoc Thinh, Surin Kittitornkun  Publisher: Electronic Design, Test and.

Architectural Improvement for Field Programmable Counter Array: Enabling Efficient Synthesis of Fast Compressor Trees on FPGA Alessandro Cevrero 1,2 Panagiotis.

Boosting XML filtering through a scalable FPGA-based architecture A. Mitra, M. Vieira, P. Bakalov, V. Tsotras, W. Najjar.

High-throughput Linked-Pattern Matching for Intrusion Detection System Zachary Baker and Viktor K. Prasanna University of Southern California

Authors: Raphael Polig, Kubilay Atasu, and Christoph Hagleitner Publisher: FPL, 2013 Presenter: Chia-Yi, Chu Date: 2013/10/30 1.

Technical University of Crete Packet Pre-filtering for Network Intrusion Detection Ioannis Sourdis, Vasilis Dimopoulos, Dionisios Pnevmatikatos and Stamatis.

Reconfigurable Computing: What, Why, and Implications for Design Automation André DeHon and John Wawrzynek June 23, 1999 BRASS Project University of California.

1 An Evolution of Pattern Matching within Network Intrusion Detection Systems Erik Anderson 9 November 2006.

Seven Minute Madness: Special-Purpose Parallel Architectures Dr. Jason D. Bakos.

11 FPGA based High speed and low area cost pattern matching Authors: Jian Huang, Zongkai Yang, Xu Du, and Wei Liu Publisher: Proceedings of IEEE Symposium.

Source Code Optimization and Profiling of Energy Consumption in Embedded System Simunic, T.; Benini, L.; De Micheli, G.; Hans, M.; Proceedings on The 13th.

FPGA Based Video Codec: Implementation and Techniques An Seminar Series Markus Adhiwiyogo Benjamin Ernest-Jones Matt Richey.

Design of a Reconfigurable Hardware For Efficient Implementation of Secret Key and Public Key Cryptography.

1 Energy Efficient Multi-match Packet Classification with TCAM Fang Yu

1 Scalable Pattern Matching for High Speed Networks Authors: Christopher R.Clark and David E. Schemmel Publisher: Proceedings of IEEE Symposium on Field-

Seven Minute Madness: Reconfigurable Computing Dr. Jason D. Bakos.

A Signature Match Processor Architecture for Network Intrusion Detection Janardhan Singaraju, Long Bu and John A. Chandy Electrical and Computer Engineering.

Gnort: High Performance Intrusion Detection Using Graphics Processors Giorgos Vasiliadis, Spiros Antonatos, Michalis Polychronakis, Evangelos Markatos,

EKT303/4 PRINCIPLES OF PRINCIPLES OF COMPUTER ARCHITECTURE (PoCA)

A Compact and Efficient FPGA Implementation of DES Algorithm Saqib, N.A et al. In:International Conference on Reconfigurable Computing and FPGAs, Sept.

Paper Review I Coarse Grained Reconfigurable Arrays Presented By: Matthew Mayhew I.D.# ENG*6530 Tues, June, 10,

Power Reduction for FPGA using Multiple Vdd/Vth

 Author: Kubilay Atasu, Florian Doerfler, Jan van Lunteren, Christoph Hagleitner  Publisher: 2013 FPL  Presenter: Yuen-Shuo Li  Date: 2013/10/30 1.

FPGA Switch Block Design Dr. Philip Brisk Department of Computer Science and Engineering University of California, Riverside CS 223.

Floating Point vs. Fixed Point for FPGA 1. Applications Digital Signal Processing -Encoders/Decoders -Compression -Encryption Control -Automotive/Aerospace.

Efficient FPGA Implementation of QR

Automated Design of Custom Architecture Tulika Mitra

(TPDS) A Scalable and Modular Architecture for High-Performance Packet Classification Authors: Thilan Ganegedara, Weirong Jiang, and Viktor K. Prasanna.

Efficient Mapping onto Coarse-Grained Reconfigurable Architectures using Graph Drawing based Algorithm Jonghee Yoon, Aviral Shrivastava *, Minwook Ahn,

Advanced Computer Architecture, CSE 520 Generating FPGA-Accelerated DFT Libraries Chi-Li Yu Nov. 13, 2007.

SHA-3 Candidate Evaluation 1. FPGA Benchmarking - Phase Round-2 SHA-3 Candidates implemented by 33 graduate students following the same design.

1 Extending Atmel FPGA Flow Nikos Andrikos TEC-EDM, ESTEC, ESA, Netherlands DAUIN, Politecnico di Torino, Italy NPI Final Presentation 25 January 2013.

FPGA Based String Matching for Network Processing Applications Janardhan Singaraju, John A. Chandy Presented by: Justin Riseborough Albert Tirtariyadi.

Reminder Lab 0 Xilinx ISE tutorial Research Send me an if interested Looking for those interested in RC with skills in compilers/languages/synthesis,

ESL and High-level Design: Who Cares? Anmol Mathur CTO and co-founder, Calypto Design Systems.

Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs by Zachary K. Baker and Viktor K. Prasanna University of Southern California, Los.

Reconfigurable Computing Using Content Addressable Memory (CAM) for Improved Performance and Resource Usage Group Members: Anderson Raid Marie Beltrao.

Radix-2 2 Based Low Power Reconfigurable FFT Processor Presented by Cheng-Chien Wu, Master Student of CSIE,CCU 1 Author: Gin-Der Wu and Yi-Ming Liu Department.

Design Space Exploration for Application Specific FPGAs in System-on-a-Chip Designs Mark Hammerquist, Roman Lysecky Department of Electrical and Computer.

Author : Guangdeng Liao, Heeyeol Yu, Laxmi Bhuyan Publisher : Publisher : DAC'10 Presenter : Jo-Ning Yu Date : 2010/10/06.

Lecture 16: Reconfigurable Computing Applications November 3, 2004 ECE 697F Reconfigurable Computing Lecture 16 Reconfigurable Computing Applications.

ISSS 2001, Montréal1 ISSS’01 S.Derrien, S.Rajopadhye, S.Sur-Kolay* IRISA France *ISI calcutta Combined Instruction and Loop Level Parallelism for Regular.

1 Dynamic Pipelining: Making IP- Lookup Truly Scalable Jahangir Hasan T. N. Vijaykumar School of Electrical and Computer Engineering, Purdue University.

Lecture 13: Logic Emulation October 25, 2004 ECE 697F Reconfigurable Computing Lecture 13 Logic Emulation.

A Configurable High-Throughput Linear Sorter System Jorge Ortiz Information and Telecommunication Technology Center 2335 Irving Hill Road Lawrence, KS.

EE3A1 Computer Hardware and Digital Design

Author ： Ioannis Sourdis, Vasilis Dimopoulos, Dionisios Pnevmatikatos and Stamatis Vassiliadis Publisher ： ANCS’06 Presenter ： Zong-Lin Sie Date ： 2011/01/05.

StrideBV: Single chip 400G+ packet classification Author: Thilan Ganegedara, Viktor K. Prasanna Publisher: HPSR 2012 Presenter: Chun-Sheng Hsueh Date:

EKT303/4 PRINCIPLES OF PRINCIPLES OF COMPUTER ARCHITECTURE (PoCA)

COARSE GRAINED RECONFIGURABLE ARCHITECTURES 04/18/2014 Aditi Sharma Dhiraj Chaudhary Pruthvi Gowda Rachana Raj Sunku DAY

Development of Programmable Architecture for Base-Band Processing S. Leung, A. Postula, Univ. of Queensland, Australia A. Hemani, Royal Institute of Tech.,

Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection Sailesh Kumar Sarang Dharmapurikar Fang Yu Patrick Crowley Jonathan.

1 Leakage Power Analysis of a 90nm FPGA Authors: Tim Tuan (Xilinx), Bocheng Lai (UCLA) Presenter: Sang-Kyo Han (ECE, University of Maryland) Published.

Pipelining and number theory for multiuser detection Sridhar Rajagopal and Joseph R. Cavallaro Rice University This work is supported by Nokia, TI, TATP.

FPGA-Based System Design: Chapter 6 Copyright  2004 Prentice Hall PTR Topics n Low power design. n Pipelining.

A Design Flow for Optimal Circuit Design Using Resource and Timing Estimation Farnaz Gharibian and Kenneth B. Kent {f.gharibian, unb.ca Faculty.

A New Class of High Performance FFTs Dr. J. Greg Nash Centar ( High Performance Embedded Computing (HPEC) Workshop.

Fast Lookup for Dynamic Packet Filtering in FPGA REPORTER: HSUAN-JU LI 2014/09/18 Design and Diagnostics of Electronic Circuits & Systems, 17th International.

Recursive Architectures for 2DLNS Multiplication RESEARCH CENTRE FOR INTEGRATED MICROSYSTEMS - UNIVERSITY OF WINDSOR 11 Recursive Architectures for 2DLNS.

Architecture and algorithm for synthesizable embedded programmable logic core Noha Kafafi, Kimberly Bozman, Steven J. E. Wilton 2003 Field programmable.

Optimizing Packet Lookup in Time and Space on FPGA Author: Thilan Ganegedara, Viktor Prasanna Publisher: FPL 2012 Presenter: Chun-Sheng Hsueh Date: 2012/11/28.

Philipp Gysel ECE Department University of California, Davis

 presented by- ARPIT GARG ISHU MISHRA KAJAL SINGHAL B.TECH(ECE) 3RD YEAR.

Dynamo: A Runtime Codesign Environment

Scalable Memory-Less Architecture for String Matching With FPGAs

Presentation transcript:

Introduction to Intrusion Detection Systems

All incoming packets are filtered for specific characteristics or content Databases have thousands of patterns requiring string matching –FPGA allows fine-grained parallelism and computational reuse 10 Gb/s and higher rates desired –Provided by pipelined, streaming architectures What is Intrusion Detection?

Objective: find all occurrences of a pattern in an input Naïve approach: O((n-m+1)m) Shift-and-compare: O(n), large hardware requirements, O(nm) work Hashing: O(n), hashing can be complex, O(nm) work KMP: O(n): other algorithms may be faster in practice, but do not provide low precise upper bound (2n – m), O(n+m) work Other Approaches

Various contributions to shift-and-compare architectures: Pre-decoded architecture provides significant area and routing improvements over encoded data Graph-based partitioning of patterns allows for reduced routing complexity and increased frequency performance through multiple pipelines Average of 15% decrease in area, 5% decrease in clock period over unpartitioned unary High-Performance Shift-and-Compare Architectures

Methodology Flow

Trie-based prefix grouping allows for reduced area consumption through lower redundant comparisons 4-byte prefixes turn out to be very appropriate for intrusion detection: /cgi-bin/bigconf.cgi /cgi-bin/common/listrec.pl /cgi-sys/addalink.cgi /cgi-sys/entropysearch.cgi Replication of hardware and delays allow for multi-byte per cycle throughput at high clock rates Pipeline is not increased in size – large source of slice consumption Front end decoders increases in size by k Back end matchers increase in size by k Reduction of Resource Usage

*Efficiency in throughput/area, normalized to 1-way (~100 rules)

Variations in tool flow provide customizable performance: – Tool Options Small: partitioned and pre-decoded architecture –Prefix trees Fast: k-way architecture Fast reconfiguration, minimum complexity –KMP architecture Customized Performance

* Throughput is assumed to be constant over variations in pattern size. Unit size is the average unit size for a 16 character pattern (in logic cells; one slice is two logic cells), and performance is defined as Mb/s/cell). Comparison of Related Architectures

Goal: Reduce place and route costs Cost for changing rules in one of k partitions: overhead + 1/k Key: Predefinition of area constraints Incremental Architecture Synthesis

Definitions: S p* the set of characters required to represent the new pattern p*. The set difference between the characters currently represented in P i and the characters that are present in S p* is The partition which will require the addition of the minimum number of new characters is the optimal partition P j. The optimal partition is selected from the set of partitions P. Determining the Optimal Partition

Relevant Publications “Time and Area Efficient Pattern Matching on FPGAs,” Proceedings of the 12th Annual ACM International Symposium on Field-Programmable Gate Arrays (FPGA '04) “A Methodology for the Synthesis of Efficient Intrusion Detection Systems on FPGAs,” Proceedings of the Twelfth Annual IEEE Symposium on Field Programmable Custom Computing Machines 2004 (FCCM '04) “Automated Incremental Design of Flexible Intrusion Detection Systems on FPGAs,” Proceedings of the Eighth Annual Workshop on High Performance Embedded Computing (HPEC '04) Additional publications: