Abstract
Today’s crucial information networks are vulnerable to fast-moving attacks by Internet worms and computer viruses. These attacks have the potential to cripple the Internet and compromise the integrity of the data on the end-user machines. Without new types of protection, the Internet remains susceptible to the assault of increasingly aggressive attacks. A platform has been implemented that actively detects and blocks worms and viruses at multi-Gigabit/second rates. It uses the Field-programmable Port Extender (FPX) to scan for signatures of malicious software (malware) carried in packet payloads. Dynamically reconfigurable Field Programmable Gate Array (FPGA) logic tracks the state of Internet flows and searches for regular expressions and fixed-strings that appear in the content of packets. Protection is achieved by the incremental deployment of systems throughout the Internet.
Keywords
- Transmission Control Protocol
- Field Programmable Gate Array
- Regular Expression
- Computer Virus
- Internet Protocol Address
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2004 IFIP International Federation for Information Processing
About this paper
Cite this paper
Lockwood, J.W., Moscola, J., Reddick, D., Kulig, M., Brooks, T. (2004). Application of Hardware Accelerated Extensible Network Nodes for Internet Worm and Virus Protection. In: Wakamiya, N., Solarski, M., Sterbenz, J. (eds) Active Networks. IWAN 2003. Lecture Notes in Computer Science, vol 2982. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24715-9_5
DOI: https://doi.org/10.1007/978-3-540-24715-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21250-8
Online ISBN: 978-3-540-24715-9
eBook Packages: Springer Book Archive