
Specialized Hardware for Deep Network Packet Filtering

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2438))

Abstract

Many computer networks provide only limited security through the simple firewall features built into routers and switches. Networks that require higher security use deep packet filters to catch packets that a simple firewall cannot detect. Deep packet filters use a list of rules to determine whether a packet is safe. There is a high degree of parallelism in processing these rules, because each rule represents an independent pattern-matching process. We find that the underlying architectures of existing software and hardware firewalls do not fully take advantage of this parallelism. We therefore design a deep packet filtering firewall on a field programmable gate array (FPGA) that exploits the parallelism while retaining programmability. Our implementation is capable of processing over 2.88 gigabits per second of network traffic on an Altera EP20K series FPGA without manual optimization.
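The architectural point of the abstract, that every rule is an independent pattern comparator which can inspect the same packet byte in the same clock cycle, can be modelled in software. The following is an added illustration, not code from the paper and not the authors' FPGA design: each rule is a shift-register window with a comparator bank, all rules are clocked with the same byte, and a match is only reported once the window has been fully loaded (the hardware equivalent of a valid bit, which prevents a pattern that begins with zero bytes from firing on the empty window). The rule names, patterns and packet are constructed for the example.

```python
"""Software model of a bank of parallel byte-pattern matchers.

Added example, not the paper's code. Every PatternMatcher models one
filter rule as a sliding window plus comparator; filter_stream() clocks
the same byte into all of them, which is what makes the rule count
irrelevant to the number of cycles per packet in hardware.
"""
from dataclasses import dataclass, field


@dataclass
class PatternMatcher:
    """One rule: a fixed byte pattern matched against a sliding window.

    Hardware analogue: a shift register len(pattern) bytes wide feeding a
    bank of byte comparators whose outputs are ANDed into one hit line.
    """
    name: str
    pattern: bytes
    window: bytearray = field(init=False)
    loaded: int = field(init=False, default=0)  # bytes shifted in so far

    def __post_init__(self) -> None:
        if not self.pattern:
            raise ValueError("empty pattern would match every cycle")
        self.window = bytearray(len(self.pattern))

    def clock(self, byte: int) -> bool:
        """Shift one byte in and compare the whole window in 'one cycle'."""
        del self.window[0]
        self.window.append(byte)
        self.loaded = min(self.loaded + 1, len(self.pattern))
        # Do not report a hit until the window holds real packet data;
        # otherwise a pattern with leading \x00 bytes fires on the reset state.
        return self.loaded == len(self.pattern) and bytes(self.window) == self.pattern


def filter_stream(rules, packet: bytes) -> dict:
    """Stream a packet through all matchers at one byte per cycle.

    Returns {rule name: offset of the first byte of the first match} for
    every rule that fired. The inner loop is sequential in Python, but in
    the hardware model every matcher sees the same byte in the same cycle,
    so a packet costs len(packet) cycles however many rules are loaded.
    """
    matchers = [PatternMatcher(name, pattern) for name, pattern in rules]
    hits = {}
    for cycle, byte in enumerate(packet):
        for m in matchers:           # concurrent in hardware
            if m.clock(byte) and m.name not in hits:
                hits[m.name] = cycle - len(m.pattern) + 1
    return hits


def should_drop(rules, packet: bytes) -> bool:
    """Policy of the toy filter: any rule hit drops the packet."""
    return bool(filter_stream(rules, packet))


# Constructed rule set and packet for the example (not from the paper).
RULES = [
    ("get-method", b"GET "),
    ("ida-probe", b".ida?"),
    ("shell-string", b"/bin/sh"),
]
PACKET = b"GET /default.ida?XXXX HTTP/1.0\r\n"

if __name__ == "__main__":
    print(filter_stream(RULES, PACKET))   # {'get-method': 0, 'ida-probe': 12}
    print("drop" if should_drop(RULES, PACKET) else "pass")
```

Adding a rule to this model adds a matcher, not a pass over the packet; a software firewall that loops over its rule list pays roughly rules × bytes comparisons per packet instead, which is the mismatch between architecture and workload the abstract describes.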



Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cho, Y.H., Navab, S., Mangione-Smith, W.H. (2002). Specialized Hardware for Deep Network Packet Filtering. In: Glesner, M., Zipf, P., Renovell, M. (eds) Field-Programmable Logic and Applications: Reconfigurable Computing Is Going Mainstream. FPL 2002. Lecture Notes in Computer Science, vol 2438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46117-5_48

  • DOI: https://doi.org/10.1007/3-540-46117-5_48
  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44108-3

  • Online ISBN: 978-3-540-46117-3
