|
For Full-Text PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
|
Large-Throughput Anomaly Prevention Mechanism Implemented in Dynamic Reconfigurable Processor
Takashi ISOBE
Publication
IEICE TRANSACTIONS on Communications
Vol.E89-B
No.9
pp.2440-2447 Publication Date: 2006/09/01 Online ISSN: 1745-1345
DOI: 10.1093/ietcom/e89-b.9.2440 Print ISSN: 0916-8516 Type of Manuscript: Special Section PAPER (Special Section on Networking Technologies for Overlay Networks) Category: Keyword: network security, DDoS, worm, P2P, anomaly prevention, DRP, IDS, IPS,
Full Text: PDF(2.1MB)>>
Summary:
Large-throughput anomaly prevention mechanism in the upstream side of high-speed (over 10-Gbps) networks is required to prevent various anomalies such as distributed denial of service (DDoS) from causing various network problems. This mechanism requests the processors achieving not only high-speed response for analyzing many packets in a short time but also the flexibility to update the anomaly prevention algorithm. In this research, I assumed a dynamic reconfigurable processor (DRP) was most effective in achieving this anomaly prevention mechanism, for processors used in nodes with the mechanism, and I designed an anomaly prevention mechanism using DRPs. The mechanism can shorten anomaly prevention time in high-speed (10 Gbps) lines using an all-packet analysis. Through a simulation, I achieved the goal of the mechanism achieving a throughput of 83-M packets per second using three DRPs (432 execution elements used). Moreover, with the prototype, it was confirmed that the proposed mechanism prevented anomalies in a short time (constant 0.01 second), which was 3000 times faster than that of a legacy mechanism using a packet sampling method. I also proposed integrated prevention, which was able to reduce the number of execution elements comprising anomaly prevention algorithm against various kinds of anomalies. It was achieved with a simulation that the proposed integrated prevention against three kinds of anomalies (DDoS, worm, and peer to peer (P2P)) reduced the number of execution elements by 24% compared to legacy prevention. In addition, non-stop update was proposed to maintain throughput when updating an anomaly prevention algorithm without packet loss. It was confirmed with a simulation that there was enough time for non-stop update in 10 Gbps 4 lines.
|
|
|