Dynamic packet-filtering in high-speed networks using NetFPGAs

Author

Engelmann, Felix ; Lukaseder, Thomas ; Erb, Benjamin ; van der Heijden, Rens ; Kargl, Frank

Author_Institution

Inst. of Distrib. Syst., Univ. of Ulm, Ulm, Germany

fYear

2014

fDate

13-15 Aug. 2014

Firstpage

55

Lastpage

59

Abstract

Computational power for content filtering in high-speed networks reaches a limit, but many applications as intrusion detection systems rely on such processes. Especially signature based methods need extraction of header fields. Hence we created an parallel protocol-stack parser module on the NetFPGA 10G architecture with a framework for simple adaption to custom protocols. Our measurements prove that the appliance operates at 9.5 Gb/s with a delay in order of any active hop. The work provides the foundation to use for application specific projects in the NetFPGA context.

Keywords

cryptographic protocols; digital signatures; field programmable gate arrays; filtering theory; NetFPGA 10G architecture; bit rate 9.5 Gbit/s; computational power; content filtering; dynamic packet-filtering; header field extraction; high-speed networks; intrusion detection systems; parallel protocol-stack parser module; signature based methods; Buffer storage; Delays; Field programmable gate arrays; Hardware; Intrusion detection; Protocols; Throughput;

fLanguage

English

Publisher

ieee

Conference_Titel

Future Generation Communication Technology (FGCT), 2014 Third International Conference on

Conference_Location

Luton

Type

conf

DOI

10.1109/FGCT.2014.6933224

Filename

6933224