Internet Worm and Virus Protection in Dynamically Reconfigurable Hardware By John W' Lockwood, et al - PowerPoint PPT Presentation

1
Internet Worm and Virus Protection in Dynamically
Reconfigurable Hardware, by John W. Lockwood, et al.
  • Course: CS895
  • Advisor: Dr. Ravi Mukkamala
  • Speaker: Weiying Zhu
  • Date: 03/17/2004

2
Table of Contents
  • Introduction
  • Intelligent Gateway Devices
  • System Architecture
  • Reprogrammable Logic
  • Conclusions
  • References

3
Introduction
  • Malicious software (malware): a computer virus,
    an Internet worm, or a hybrid that contains
    elements of both.
  • Weakness of end-system protection
    • Most malware goes undetected until it causes harm
      on an end user's computer.
    • Individuals tend to ignore warnings about
      installing new protection software and the latest
      security updates.
    • Systems are not always patched immediately, and
      anti-virus programs are not kept up to date.

4
Intelligent Gateway Devices
  • Existing firewalls
    • They examine only the packet headers. However,
      much malware is transported over trusted services.
  • Intrusion detection/prevention systems
    • They search for predefined signatures belonging
      to malware by scanning the packet payloads.
    • Software-based scanners are not fast enough to
      monitor all traffic on a high-speed link.
    • Hardware-based scanners can make use of
      parallelism to perform deep packet inspection
      with high throughput.
  • Programmable Logic Devices (PLDs) provide the
    flexibility and performance to scan for regular
    expressions within a high-speed network.

5
System Architecture
  • System components
    • Data Enabling Device (DED): scans packets.
      • Its heart is the FPX, which consists of a module
        implemented in FPGA hardware that scans the
        content of Internet packets at gigabit-per-second
        rates.
      • It is installed at key traffic aggregation points
        of networks, as well as on the backbone.
    • Content Matching Server (CMS): reprograms DEDs.
      • It compiles and synthesizes custom circuits to
        reconfigure DEDs over the network.
    • Regional Transaction Processor (RTP): determines
      the action.
      • It consults a database to determine the action
        when matching content is found by a DED.
      • A single RTP can be used to remotely coordinate
        the activities of up to 100 DEDs.

6
System Architecture (Cont.)
Fig. 1. Example topology of a Network Aggregation
Point (NAP) with DEDs added to provide worm and
virus protection
7
System Architecture (Cont.)
  • System operation

Fig. 2. How the system works.
8
Reprogrammable Logic
  • A DED contains two network line cards, a
    backplane, and two or more FPX cards.
  • The FPX card implements the core function of the
    DED. It consists of
    • two FPGAs (one is the NID and the other is the RAD)
      • The NID is used to route individual traffic flows
        through the device and to process control packets.
      • The RAD is dynamically reconfigured over the
        network to perform customized packet processing
        functions.
    • five banks of memory
    • two high-speed (OC-48 rate) network interfaces.

9
Reprogrammable Logic (Cont.)
Fig. 3. The FPX card.
10
Reprogrammable Logic (Cont.)
  • Line cards
    • SONET line card adapter for ATM networks
    • GBIC for Gigabit Ethernet
  • Protocol processing wrappers
    • ATM wrapper
    • Gigabit Ethernet wrapper
    • IP wrapper
    • UDP wrapper
    • TCP wrapper
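As an added illustration (not code from the presentation or from the Lockwood et al. project), the following Python model walks a constructed Ethernet/IPv4 frame carrying TCP or UDP through the protocol wrappers listed above, matches the payload against a constructed signature table the way a DED's matchers would, and looks up the resulting action the way the RTP described in the System Architecture slides would. The signature names, patterns, actions and addresses are placeholders.

```python
import re
import struct

# Constructed signature table standing in for what a CMS would compile into
# the DED's matchers and the RTP's action database (placeholders, not real).
SIGNATURES = {
    "sig-worm-A": (re.compile(rb"WORM-A-PAYLOAD-[0-9]{4}"), "drop"),
    "sig-probe-B": (re.compile(rb"PROBE-B/\d+\.\d+"), "log"),
}

def ip_wrapper(pkt):
    """IPv4 wrapper: return (protocol, payload), honouring IHL and total length."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl, total_len = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    return (pkt[9], pkt[ihl:total_len]) if 20 <= ihl <= total_len <= len(pkt) else None

def l4_wrapper(proto, seg):
    """TCP (6) and UDP (17) wrappers: strip the transport header, keep the payload."""
    if proto == 6 and len(seg) >= 20:
        return seg[(seg[12] >> 4) * 4:]  # data offset is in 32-bit words
    if proto == 17 and len(seg) >= 8:
        return seg[8:struct.unpack("!H", seg[4:6])[0]]  # honour UDP length
    return None

def ded_scan(frame):
    """DED model: Ethernet -> IP -> TCP/UDP wrapper chain, then every signature
    is matched against the payload (in parallel on the FPGA; serially here)."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":  # IPv4 ethertype only
        return []
    ip = ip_wrapper(frame[14:])
    payload = l4_wrapper(*ip) if ip else None
    if payload is None:
        return []
    return [sid for sid, (pat, _) in SIGNATURES.items() if pat.search(payload)]

def rtp_action(matches):
    """RTP model: look up each matched signature's action; most severe wins."""
    rank = {"forward": 0, "log": 1, "drop": 2}
    return max((SIGNATURES[m][1] for m in matches), key=rank.get, default="forward")

def build_frame(payload, proto=6):
    """Constructed Ethernet/IPv4 frame carrying payload over TCP (6) or UDP (17)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 1234, 53, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00" + ip + l4 + payload
```

The FPGA matches all signatures in parallel per byte; this model runs them serially, so it demonstrates the wrapper and decision logic rather than the throughput. Bytes past the IP total length are not scanned, which is the behaviour a header-honouring wrapper chain should have.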

11
Reprogrammable Logic (Cont.)
  • Performance
    • By implementing four modules in parallel, the FPX
      can process data at a rate of 2.4 gigabits per
      second.
    • By performing the network scanning with parallel
      hardware, all packets can be examined even at
      high throughput.

Fig. 4. Performance of FPGA-based matching vs.
software-based matching.
12
Conclusions
  • The system scans data quickly.
  • The scanning devices can be reconfigured to
    search for new attack patterns.
  • The system takes immediate action when attacks
    occur.

13
References
  • Internet Worm and Virus Protection in Dynamically
    Reconfigurable Hardware, by John W. Lockwood,
    James Moscola, Matthew Kulig, David Reddick, and Tim
    Brooks, Military and Aerospace Programmable Logic
    Device (MAPLD), Washington DC, Paper E10,
    Sep 9-11, 2003.
    http://www.arl.wustl.edu/lockwood/publications/MAPLD_2003_e10_lockwood_p.pdf
  • Application of Hardware Accelerated Extensible
    Network Nodes for Internet Worm and Virus
    Protection, by John W. Lockwood, James Moscola,
    David Reddick, Matthew Kulig, and Tim Brooks,
    International Working Conference on Active
    Networks (IWAN), Kyoto, Japan, December 2003.
    http://www.arl.wustl.edu/lockwood/publications/lockwood_IWAN_2003.pdf