{"title":"一种可重构的异构多核DDoS防护架构","authors":"C. Pham-Quoc, Biet Nguyen-Hoang, T. N. Thinh","doi":"10.1109/NICS.2016.7725648","DOIUrl":null,"url":null,"abstract":"This paper proposes a reconfigurable heterogeneous multicore architecture to integrate multiple DDoS defense mechanisms for DDoS protection. The architecture allows multiple cooperating DDoS mitigation techniques to classify incoming network packets. The proposed architecture consists of two separated partitions: static and dynamic. The static partition includes packet pre-processing and post-processing modules while the DDoS filtering techniques are implemented on the dynamic partition. These filtering techniques can be implemented by either hardware custom computing cores or general purpose soft processors or both. In all cases, these DDoS filtering computing cores can be updated or changed at runtime or design time. We implement our first prototype system with Hop-count filtering and Ingress/Engress filtering techniques using Xilinx Virtex 5xc5vtx240t FPGA device. The synthesis results show that the system can work at up to 116.782MHz while utilizing about 41% LUTs, 47% Registers, and 53% Block Memory of the available hardware resources. The system achieves the detection rate of 100% with the false negative rate at 0% and false positive rate closed to 0.74%. The prototype system achieves packet decoding throughput at 9.869 Gbps in half-duplex mode and 19.738 Gbps in full-duplex mode.","PeriodicalId":347057,"journal":{"name":"2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A reconfigurable heterogeneous multicore architecture for DDoS protection\",\"authors\":\"C. Pham-Quoc, Biet Nguyen-Hoang, T. N. Thinh\",\"doi\":\"10.1109/NICS.2016.7725648\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper proposes a reconfigurable heterogeneous multicore architecture to integrate multiple DDoS defense mechanisms for DDoS protection. The architecture allows multiple cooperating DDoS mitigation techniques to classify incoming network packets. The proposed architecture consists of two separated partitions: static and dynamic. The static partition includes packet pre-processing and post-processing modules while the DDoS filtering techniques are implemented on the dynamic partition. These filtering techniques can be implemented by either hardware custom computing cores or general purpose soft processors or both. In all cases, these DDoS filtering computing cores can be updated or changed at runtime or design time. We implement our first prototype system with Hop-count filtering and Ingress/Engress filtering techniques using Xilinx Virtex 5xc5vtx240t FPGA device. The synthesis results show that the system can work at up to 116.782MHz while utilizing about 41% LUTs, 47% Registers, and 53% Block Memory of the available hardware resources. The system achieves the detection rate of 100% with the false negative rate at 0% and false positive rate closed to 0.74%. The prototype system achieves packet decoding throughput at 9.869 Gbps in half-duplex mode and 19.738 Gbps in full-duplex mode.\",\"PeriodicalId\":347057,\"journal\":{\"name\":\"2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NICS.2016.7725648\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NICS.2016.7725648","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A reconfigurable heterogeneous multicore architecture for DDoS protection
This paper proposes a reconfigurable heterogeneous multicore architecture to integrate multiple DDoS defense mechanisms for DDoS protection. The architecture allows multiple cooperating DDoS mitigation techniques to classify incoming network packets. The proposed architecture consists of two separated partitions: static and dynamic. The static partition includes packet pre-processing and post-processing modules while the DDoS filtering techniques are implemented on the dynamic partition. These filtering techniques can be implemented by either hardware custom computing cores or general purpose soft processors or both. In all cases, these DDoS filtering computing cores can be updated or changed at runtime or design time. We implement our first prototype system with Hop-count filtering and Ingress/Engress filtering techniques using Xilinx Virtex 5xc5vtx240t FPGA device. The synthesis results show that the system can work at up to 116.782MHz while utilizing about 41% LUTs, 47% Registers, and 53% Block Memory of the available hardware resources. The system achieves the detection rate of 100% with the false negative rate at 0% and false positive rate closed to 0.74%. The prototype system achieves packet decoding throughput at 9.869 Gbps in half-duplex mode and 19.738 Gbps in full-duplex mode.