Abstract
Due to the recent progress of the Internet, we need high-speed network monitors which can observe millions of packets per second. Since several types of network attacks occur, we need to modify monitoring facilities and their capacities depending on monitoring items and network speed. In this paper, we propose (1) a methodology for designing and implementing such network monitors flexibly and (2) a high-level synthesis technique which automatically synthesizes FPGA circuits from specifications of network monitors in a model called concurrent synchronous EFSMs. The proposed technique makes it possible to synthesize an FPGA circuit suitable for given monitoring items and parameters where the designer need not consider about how pipe-line processing and parallel processing should be adopted. We have developed a tool to automatically derive FPGA circuits and evaluated the speed and size of derived circuits.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
J. Apisdorf, K. Claffy and K. Thompson: “OC3MON: Flexible, Affordable, High-Performance Statistics Collection”, Proc. of INET’97 (1997), http://www.isoc.org/isoc/whatis/conferences/inet/97/proceedings/F1/F1 2.HTM
K. Claffy, G. J. Miller and K. Thompson: “the nature of the beast: recent trafficmeasurements from an Internet backbone”, Proc. of INET’98 (1998), http://www.caida.org/outreach/papers/1998/Inet98/
Z. D. Ditta, J. R. Cox Jr and G. M. Parulkar: “Design of the APIC: A High Performance ATM Host-Network Interface Chip”, Proc. of IEEE INFOCOM’95, pp. 179–187 (1995).
L. Garber: “Denial-of-Service Attacks Rip the Internet”, Proc. of IEEE Computer, pp. 12–17 (2000).
ISO: “Information Processing System, Open Systems Interconnection, LOTOS—A Formal Description Technique Based on the Temporal Ordering of Observational Behavior”, ISO 8807 (1989).
H. Katagiri, K. Yasumoto, A. Kitajima, T. Higashino and K. Taniguchi: “Hardware Implementation of Communication Protocols Modeled by Concurrent EFSMs with Multi-Way Synchronization”, 37th IEEE/ACM Design Automation Conference (DAC-2000), pp. 762–767 (2000).
G. Mansfield et. al: “Towards Trapping Wily Intruders in the Large”, Computer Networks, Vol. 34, pp. 659–670 (2000).
D. Moore, G. M. Voelker and S. Savage: “Inferring Internet Denial-of-Service Activity”, USENIX Security Symposium (2001).
K. Park and H. Kee: “On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets”, Proc. of ACM SIGCOMM2001, pp. 15–26 (2001).
V. Paxson: “Bro: A System for Detecting Network Intruders in Real-Time”, Computer Networks, Vol. 31, No.23–24, pp. 2435–2463 (1999).
SYNOPSYS, Inc.: http://www.synopsys.com
A. S. Tanenbaum: “Computer Networks, Third Edition”. Prentice-Hall Inc. (1996).
S. Yagi, T. Ogura, T. Kawano, M. Maruyama and N. Takahashi: “METAMONITOR: An Adaptive Network-traffic Monitor”, Journal of Information Processing Society of Japan, Vol.41, No.2, pp. 444–451 (2000) (in Japanese).
K. Yasumoto, A. Kitajima, T. Higashino and K. Taniguchi: “Hardware Synthesis from Protocol Specifications in LOTOS”, Proc. of Joint Intl. Conf. on 11th Formal Description Techniques and 18th Protocol Specification, Testing, and Verification (FORTE/PSTV’98), pp. 405–420 (1998).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kirimura, M., Takamoto, Y., Mori, T., Yasumoto, K., Nakata, A., Higashino, T. (2002). Design and Implementation of FPGA Circuits for High Speed Network Monitors. In: Glesner, M., Zipf, P., Renovell, M. (eds) Field-Programmable Logic and Applications: Reconfigurable Computing Is Going Mainstream. FPL 2002. Lecture Notes in Computer Science, vol 2438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46117-5_42
Download citation
DOI: https://doi.org/10.1007/3-540-46117-5_42
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44108-3
Online ISBN: 978-3-540-46117-3
eBook Packages: Springer Book Archive