Abstract
Increasing transmission speeds in high-performance networks pose significant challenges to protecting the systems and networking infrastructure. Reconfigurable devices have already been used with great success to implement lower-levels of appropriate security measures (e.g., deep-packet inspection). We present a reconfigurable processing architecture capable of handling even application-level tasks, and also able to autonomously adapt itself to varying traffic patterns using dynamic partial reconfiguration. As a first use-case, we examine the collection of Malware by emulating an entire honeynet of potentially hundreds of thousands of hosts using a single-chip implementation of the architecture.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Alserhani, F., Akhlaq, M., Awan, I.U., Mellor, J., Cullen, A.J., Mirchandani, P.: Evaluating Intrusion Detection Systems in High Speed Networks. In: Proc. of the 5th. Intl. Conf. on Information Assurance and Security, vol. 02, pp. 454–459 (2009)
Flynn, A., Gordon-Ross, A., George, A.D.: Bitstream relocation with local clock domains for partially reconfigurable FPGAs. In: Proc. of the Conference on Design, Automation and Test in Europe, pp. 300–303 (2009)
Hori, Y., Satoh, A., Sakane, H., Toda, K.: Bitstream Encryption and Authentication Using AES-GCM in Dynamically Reconfigurable Systems. In: Proc. of the 3rd Intl. Workshop on Security, pp. 261–278 (2008)
Katashita, T., Yamaguchi, Y., Maeda, A., Toda, K.: FPGA-Based Intrusion Detection System for 10 Gigabit Ethernet. IEICE - Trans. Inf. Syst. E90-D, 1923–1931 (2007)
Koch, D., Beckhoff, C., Teich, J.: Bitstream Decompression for High Speed FPGA Configuration from Slow Memories. In: Proc. of the Intl. Conference on Field-Programmable Technology (2007)
Litchfield, D.: Microsoft SQL Server 2000 Unauthenticated System Compromise (2000), http://marc.info/?l=bugtraq&m=102760196931518&w=2
Liu, M., Kuehn, W., Lu, Z., Jantsch, A.: Run-time Partial Reconfiguration Speed Investigation and Architectural Design Space Exploration. In: Proc. of the Intl. Conference on Field Programmable Logic and Applications (2009)
Mühlbach, S., Brunner, M., Roblee, C., Koch, A.: Malcobox: Designing a 10 gb/s malware collection honeypot using reconfigurable technology. In: Proc. of the 20th Intl. Conf. on Field Programmable Logic and Applications, pp. 592–595 (2010)
Mühlbach, S., Koch, A.: A dynamically reconfigured network platform for high-speed malware collection. In: Proc. of the Intl. Conf. on ReConFigurable Computing and FPGAs (2010)
Pejovic, V., Kovacevic, I., Bojanic, S., Leita, C., Popovic, J., Nieto-Taladriz, O.: Migrating a Honeypot to Hardware. In: Proc. of the Intl. Conf. on Emerging Security Information, Systems, and Technologies, pp. 151–156 (2007)
Singaraju, J., Chandy, J.A.: FPGA based string matching for network processing applications. Microprocessors and Microsystems 32(4), 210–222 (2008)
Thumann, M.: Buffer Overflow in SIP Foundry’s SipXtapi (2006), http://www.securityfocus.com/archive/1/439617
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mühlbach, S., Koch, A. (2011). NetStage/DPR: A Self-adaptable FPGA Platform for Application-Level Network Security. In: Koch, A., Krishnamurthy, R., McAllister, J., Woods, R., El-Ghazawi, T. (eds) Reconfigurable Computing: Architectures, Tools and Applications. ARC 2011. Lecture Notes in Computer Science, vol 6578. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19475-7_35
Download citation
DOI: https://doi.org/10.1007/978-3-642-19475-7_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19474-0
Online ISBN: 978-3-642-19475-7
eBook Packages: Computer ScienceComputer Science (R0)