Application of NetFPGA in Network Security Hao Chen 2/25/2011.

Slides:

Advertisements

Similar presentations

NetFPGA Project: 4-Port Layer 2/3 Switch Ankur Singla Gene Juknevicius

Advertisements

Berlin – November 10th, 2011 NetFPGA Programmable Networking for High-Speed Network Prototypes, Research and Teaching Presented by: Andrew W. Moore (University.

1 A TCAM-based solution for integrated traffic anomaly detection and policy filtering Author: Zhijun Wang, Hao Che, Jiannong Cao, Jingshan Wang Publisher:

Garrett Drown Tianyi Xing Group #4 CSE548 – Advanced Computer Network Security.

External perimeter of secure network public Internet SNMPdata transaction data control commands July 2003 Firewall Network Processor™: basic concept and.

400 Gb/s Programmable Packet Parsing on a Single FPGA Authors : Michael Attig 、 Gordon Brebner Publisher: 2011 Seventh ACM/IEEE Symposium on Architectures.

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )

IO Controller Module Arbitrates IO from the CCP Physically separable from CCP –Can be used as independent data logger or used in future projects. Implemented.

Photoshop Plug-ins with Reconfigurable Logic Implementing a Skeletonization algorithm on the VCC Hotworks Development System (Xilinx XC6200) Mark L. Chang.

1 Network Packet Generator Characterization presentation Supervisor: Mony Orbach Presenting: Eugeney Ryzhyk, Igor Brevdo.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.

Students:Gilad Goldman Lior Kamran Supervisor:Mony Orbach Mid-Semester Presentation Spring 2005 Network Sniffer.

Final Presentation Momentum Measurement Card Project supervised by: Mony Orbach Project performed by: Hadas Preminger, Uri Niv.

Router Architectures An overview of router architectures.

Design and Implementation of SIP-aware DDoS Attack Detection System.

Field Programmable Gate Array (FPGA) Layout An FPGA consists of a large array of Configurable Logic Blocks (CLBs) - typically 1,000 to 8,000 CLBs per chip.

System Architecture A Reconfigurable and Programmable Gigabit Network Interface Card Jeff Shafer, Hyong-Youb Kim, Paul Willmann, Dr. Scott Rixner Rice.

CS 838: NetFPGA Tutorial Theophilus Benson.

Router Architectures An overview of router architectures.

Department of Electrical and Computer Engineering Kekai Hu, Harikrishnan Chandrikakutty, Deepak Unnikrishnan, Tilman Wolf, and Russell Tessier Department.

Distributed Denial of Service Attack and Prevention Andrew Barkley Quoc Thong Le Gia Matt Dingfield Yashodhan Gokhale.

Paolo Musico on behalf of KM3NeT collaboration The Central Logic Board for the KM3NeT detector: design and production Abstract The KM3NeT deep sea neutrino.

Networking Virtualization Using FPGAs Russell Tessier, Deepak Unnikrishnan, Dong Yin, and Lixin Gao Reconfigurable Computing Group Department of Electrical.

NetFPGA: Reusable Router Architecture for Experimental Research Jad Naous, Glen Gibb, Sara Bolouki, and Nick Presented.

Sub- Nyquist Sampling System Hardware Implementation System Architecture Group – Shai & Yaron Data Transfer, System Integration and Debug Environment Part.

Workpackage 3 New security algorithm design ICS-FORTH Paris, 30 th June 2008.

Hardware Design of High Speed Switch Fabric IC. Overall Architecture.

Trigger design engineering tools. Data flow analysis Data flow analysis through the entire Trigger Processor allow us to refine the optimal architecture.

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )

1 of 22 Glaciers and Ice Sheets Interferometric Radar (GISIR) Center for Remote Sensing of Ice Sheets, University of Kansas, Lawrence, KS

06/04/ D Spanning Tree Compliant switch Gireesh Shrimali, Jeslin Puthenparambil EE384Y Course Project.

RiceNIC: A Reconfigurable and Programmable Gigabit Network Interface Card Jeff Shafer, Dr. Scott Rixner Rice Computer Architecture:

GBT Interface Card for a Linux Computer Carson Teale 1.

Research on Reconfigurable Computing Using Impulse C Carmen Li Shen Mentor: Dr. Russell Duren February 1, 2008.

Detectors and read-out DetectorNo. of ch.Read-out method Device candidates CsI(Tl)768Flash ADCCOPPER + 65 MHz FADC FINESSE Active Polarimeter600 x 12 x.

FPGA (Field Programmable Gate Array): CLBs, Slices, and LUTs Each configurable logic block (CLB) in Spartan-6 FPGAs consists of two slices, arranged side-by-side.

Jump to first page One-gigabit Router Oskar E. Bruening and Cemal Akcaba Advisor: Prof. Agarwal.

Increasing Web Server Throughput with Network Interface Data Caching October 9, 2002 Hyong-youb Kim, Vijay S. Pai, and Scott Rixner Rice Computer Architecture.

Computer Networks: Switching and Queuing Ivan Marsic Rutgers University Chapter 4 – Switching and Queuing Delay Models.

Content-oriented Networking Platform: A Focus on DDoS Countermeasure ( In incremental deployment perspective) Authors: Junho Suh, Hoon-gyu Choi, Wonjun.

Management of the LHCb DAQ Network Guoming Liu * †, Niko Neufeld * * CERN, Switzerland † University of Ferrara, Italy.

Verification Methodology of Gigabit Switch System 1999/9/9 Yi Ju Hwan.

Open-Eye Georgios Androulidakis National Technical University of Athens.

Vladimír Smotlacha CESNET High-speed Programmable Monitoring Adapter.

Lecture 12: Reconfigurable Systems II October 20, 2004 ECE 697F Reconfigurable Computing Lecture 12 Reconfigurable Systems II: Exploring Programmable Systems.

Field Programmable Port Extender (FPX) 1 Modular Design Techniques for the FPX.

Department of Computer Science and Engineering Applied Research Laboratory Architecture for a Hardware Based, TCP/IP Content Scanning System David V. Schuehler.

Workpackage 3 New security algorithm design ICS-FORTH Ipswich 19 th December 2007.

Memory-Efficient and Scalable Virtual Routers Using FPGA Department of Computer Science and Information Engineering, National Cheng Kung University, Tainan,

Connector Differential Receiver 8 Channels 65 MHz 12 bits ADC FPGA Receive/buffer ADC data Format triggered Events Generate L1 Primitives Receive timing.

Autonomic Response to Distributed Denial of Service Attacks Paper by: Dan Sterne, Kelly Djahandari, Brett Wilson, Bill Babson, Dan Schnackenberg, Harley.

TOPIC 1.3 INTRODUCTION TO NETWORKING. Router – A netwok interconnection device & associated software that links two networks. The networks being linked.

OpenFlow MPLS and the Open Source Label Switched Router Department of Computer Science and Information Engineering, National Cheng Kung University, Tainan,

NetTM FPGA-based processors Martin Labrecque Connections 2010.

A Design Flow for Optimal Circuit Design Using Resource and Timing Estimation Farnaz Gharibian and Kenneth B. Kent {f.gharibian, unb.ca Faculty.

Collaboration for Astronomy Signal Processing and Electronics Research.

Trigger Hardware Development Modular Trigger Processing Architecture Matt Stettler, Magnus Hansen CERN Costas Foudas, Greg Iles, John Jones Imperial College.

WP5 – Wirespeed Photonic Firewall Validation Start M27, finish M41(tbc) CIP now lead Description of Work –Establish test bed suitable to validated the.

October S T A N F O R D U N I V E R S I T Y A Quick Update for GENI Engineering Conference (GEC3) - Oct 30, 2008 John W. Lockwood and the NetFPGA.

Altera Stratix II FPGA Architecture

Reference Router on NetFPGA 1G

GPM Spacecraft Ethernet Study

Informational Tutorial

Emu: Rapid FPGA Prototyping of Network Services in C#

Firewalls Purpose of a Firewall Characteristic of a firewall

Packet Switch Architectures

Implementing an OpenFlow Switch on the NetFPGA platform

Reference Router on NetFPGA 1G

NetFPGA - an open network development platform

The Trigger Control System of the CMS Level-1 Trigger

Presentation transcript:

Application of NetFPGA in Network Security Hao Chen 2/25/2011

Introduction to Shrew DDoS Attacks DDoS attacks : Distributed Denial of Service attacks Shrew DDoS Attacks: Low rate TCP targeted DDoS Attacks

Power Spectral Density (PSD) Based Analysis Performing PSD analysis is computing intensive Adopt hardware implementation ▫NetFPGA based shrew DDoS attack detector

A NetFPGA Board Network + FPGA (Field Programmable Gate Arrays) ▫Fits into standard PCI or PCI-X slot  Standard Bus: 32 bits, 33 MHz ▫Provides interfaces for processing network packets  4 Gigabit Ethernet Ports ▫Allows hardware-accelerated processing  Implemented with FPGA Logic

The Block Diagram of NetFPGA

A NetFPGA System

Our Rackmount NetFPGA Server

A NetFPGA Based Router

Architecture of Reference Router Five stages ▫Input ▫Input arbitration ▫Routing decision and packet modification ▫Output queuing ▫Output Packet-based module interface Pluggable design

Inter-Module Communication

Modifying Reference Router Pipeline

Power Spectral Density (PSD) Based Shrew DDoS Attack Detector

Overall Shrew DDoS Attack Detection Development Environment NetFGPA w Custom DDoS Shrew Traffic Generator NetFPGA Box 1 Producer NetFPGA Box 2 Reference Router w Shrew DDoS Detector NetFGPA w Custom DDoS Shrew Detector NetFPGA Box 3 Consumer NetFGPA w Reference NIC NetFPGA Reference Router Shrew Packet Counter IF AutocorrelationDFT Threshold Detector Shrew DDoS Attack Detected Debug Interface 1 msec TCP Count samples

Questions?