Author Name Security and Networks Research Group Department of Computer Science Rhodes University SNRG SLIDE TEMPLATE.



What's happened since last time?
- Started my literature review
- WORKED FOR FESTIVAL
- Finished my literature review
- (Ordered a new toy)

Contents
- The packet classification problem
- Overview of literature review
  – Classification algorithms
  – Deep packet inspection algorithms
- Plan of action

The packet classification problem
- Most packets contain the basic 5-tuple (source/destination IP addresses, source/destination port numbers, protocol number).
- The 5-tuple can determine much of packet routing and how packets should be handled (dropped, ignored, allowed, etc.).
- Different combinations of values of fields in the 5-tuple require different actions, i.e. match different filters.
- Reactions to packets can also be based on the contents of the packet's payload; this may depend on the packet's context/classification.
- The packet classification problem aims to determine what response a packet should elicit given its field properties and payload contents.
- (Packet classification tends to ignore deep packet inspection)

Linear/Parallel search
Linear vs Parallel
- Easy to implement
- Reliable
- Not very fast
- Very fast
- Very fast (and reliable)
- Resource expensive
- TCAMs

Grid-of-tries
- Useful for prefix ranges
- Good for 2D filters, worse for >2D
- Optimisations include branch pruning and cross-trie pointers

Bit vectors
- A geometric approach to packet classification
  1. Determine the set of applicable filters for each field
  2. Intersection of filters yields applicable filters for whole packet
- Also lends itself to parallelism
[Figure: bit-vector example for address 10, port 7; the Address and Port vectors are combined with AND to give the matching filter.]
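The two steps on this slide, as an added example that is not part of the original presentation: each field axis is cut into elementary intervals with a precomputed bit vector, and a packet is classified by ANDing the vectors looked up for its fields. The filter set, names and actions are constructed for illustration, and only two fields (source address, destination port) are used.

```python
from bisect import bisect_right
from ipaddress import ip_address, ip_network

# Constructed filter set, highest priority first:
# (name, source prefix, inclusive destination port range, action)
FILTERS = [
    ("f0", "10.0.0.0/8",     (22, 22),   "drop"),
    ("f1", "10.1.0.0/16",    (0, 1023),  "allow"),
    ("f2", "192.168.0.0/16", (80, 80),   "allow"),
    ("f3", "0.0.0.0/0",      (0, 65535), "drop"),
]

def build_axis(ranges):
    """Cut one field axis at every range boundary and store, per elementary
    interval, a bit vector whose bit i is set when filter i covers it."""
    starts = sorted({0} | {lo for lo, _ in ranges} | {hi + 1 for _, hi in ranges})
    vectors = []
    for s in starts:
        bits = 0
        for i, (lo, hi) in enumerate(ranges):
            if lo <= s <= hi:
                bits |= 1 << i
        vectors.append(bits)
    return starts, vectors

def lookup(axis, value):
    """Step 1: find the interval holding value and return its bit vector."""
    starts, vectors = axis
    return vectors[bisect_right(starts, value) - 1]

_nets = [ip_network(f[1]) for f in FILTERS]
ADDR_AXIS = build_axis([(int(n.network_address), int(n.broadcast_address)) for n in _nets])
PORT_AXIS = build_axis([f[2] for f in FILTERS])

def classify(src, port):
    """Step 2: AND the per-field vectors; the lowest set bit is the
    highest-priority filter matching the whole packet."""
    matched = lookup(ADDR_AXIS, int(ip_address(src))) & lookup(PORT_AXIS, port)
    if not matched:
        return None
    best = (matched & -matched).bit_length() - 1
    return FILTERS[best][0], FILTERS[best][3], matched

if __name__ == "__main__":
    for pkt in [("10.1.2.3", 22), ("10.1.2.3", 443), ("192.168.5.5", 80)]:
        print(pkt, classify(*pkt))
```

The per-field lookups are independent of each other, which is what makes the scheme suit parallel hardware: only the final AND needs both results.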

The BV-TCAM architecture
- Song and Lockwood observed that in a filter set there are few unique IP addresses or address masks but many protocols and port numbers
- Used TCAMs for IP address matching – small variety of unique addresses
- TCAM output was encoded in a bit vector
- Grid-of-tries used for protocol matching – protocol determined which set of tries to search
- Output also in the form of a bit vector
- Intersection of bit vectors yielded final set of matched filters
- Design achieved 2.5 Gbps

N parallel rule checks
- N comparators each search for a string at each offset within the packet
- Header processing and payload inspection can be pipelined to increase throughput.
- Sourdis and Pnevmatikatos achieved 10 Gbps throughput.

Deterministic finite state automata
- Regular expressions - Vi(R|r)u(S|s)
- Deterministic automata were created using software tools and then mapped to FPGAs
- Each DFA searched for a separate string
- Achieved a throughput of 1.2 Gbps – 2.5 Gbps
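A software sketch of the approach on this slide, added here and not taken from the presentation or the cited work: the regular expression Vi(R|r)u(S|s) is turned into a DFA by subset construction and a payload is scanned one byte per step, as a hardware state machine would. The sample payload is constructed.

```python
# Vi(R|r)u(S|s) written as one set of accepted bytes per pattern position.
PATTERN = [b"V", b"i", b"Rr", b"u", b"Ss"]

def build_dfa(pattern):
    """Subset construction for 'pattern occurs anywhere in the stream'.
    A DFA state is the set of pattern positions reached by partial matches;
    position 0 is always present so a new match can start at any byte."""
    alphabet = sorted(set(b"".join(pattern)))
    start = frozenset({0})
    table, accepting, todo = {}, set(), [start]
    while todo:
        state = todo.pop()
        if state in table:
            continue
        table[state] = {}
        for byte in alphabet:
            nxt = frozenset({0} | {p + 1 for p in state
                                   if p < len(pattern) and byte in pattern[p]})
            table[state][byte] = nxt
            todo.append(nxt)
        if len(pattern) in state:
            accepting.add(state)
    return table, accepting, start

DFA = build_dfa(PATTERN)

def scan(payload, dfa=DFA):
    """Return the start offset of every match, with one table lookup per byte."""
    table, accepting, start = dfa
    state, hits = start, []
    for offset, byte in enumerate(payload):
        # A byte outside the pattern alphabet kills every partial match.
        state = table[state].get(byte, start)
        if state in accepting:
            hits.append(offset - len(PATTERN) + 1)
    return hits

# Constructed payload: two plain matches, a near miss, and an overlapping prefix.
SAMPLE = b"GET /ViruS.exe ViRus viru VViRuS"

if __name__ == "__main__":
    print(len(DFA[0]), "states; matches at", scan(SAMPLE))
```

The automaton never backtracks over the payload, so the cost per byte is constant regardless of how many partial matches are in flight.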

Comments on literature
- Packet classification is a well rehearsed problem
  – Many different solutions
  – Leverage the well known header structure of received packets
- Deep packet inspection is a much harder problem to solve
  – Obfuscated appearance of most packet payloads
  – Greater need for raw processing power and parallelized implementations

Future project progress
- Currently:
  – Waiting for new FPGA development board
  – Browsing through Xilinx SDK to familiarise myself with Ethernet interfacing on the FPGA
  – Searching the Internet for other open-source TCP/IP or Ethernet processing code segments
- Still to do:
  – Finish implementation of complete system
  – Testing and timings of final system
  – Write report