一种可重构的异构多核DDoS防护架构

C. Pham-Quoc, Biet Nguyen-Hoang, T. N. Thinh
{"title":"一种可重构的异构多核DDoS防护架构","authors":"C. Pham-Quoc, Biet Nguyen-Hoang, T. N. Thinh","doi":"10.1109/NICS.2016.7725648","DOIUrl":null,"url":null,"abstract":"This paper proposes a reconfigurable heterogeneous multicore architecture to integrate multiple DDoS defense mechanisms for DDoS protection. The architecture allows multiple cooperating DDoS mitigation techniques to classify incoming network packets. The proposed architecture consists of two separated partitions: static and dynamic. The static partition includes packet pre-processing and post-processing modules while the DDoS filtering techniques are implemented on the dynamic partition. These filtering techniques can be implemented by either hardware custom computing cores or general purpose soft processors or both. In all cases, these DDoS filtering computing cores can be updated or changed at runtime or design time. We implement our first prototype system with Hop-count filtering and Ingress/Engress filtering techniques using Xilinx Virtex 5xc5vtx240t FPGA device. The synthesis results show that the system can work at up to 116.782MHz while utilizing about 41% LUTs, 47% Registers, and 53% Block Memory of the available hardware resources. The system achieves the detection rate of 100% with the false negative rate at 0% and false positive rate closed to 0.74%. The prototype system achieves packet decoding throughput at 9.869 Gbps in half-duplex mode and 19.738 Gbps in full-duplex mode.","PeriodicalId":347057,"journal":{"name":"2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A reconfigurable heterogeneous multicore architecture for DDoS protection\",\"authors\":\"C. Pham-Quoc, Biet Nguyen-Hoang, T. N. Thinh\",\"doi\":\"10.1109/NICS.2016.7725648\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper proposes a reconfigurable heterogeneous multicore architecture to integrate multiple DDoS defense mechanisms for DDoS protection. The architecture allows multiple cooperating DDoS mitigation techniques to classify incoming network packets. The proposed architecture consists of two separated partitions: static and dynamic. The static partition includes packet pre-processing and post-processing modules while the DDoS filtering techniques are implemented on the dynamic partition. These filtering techniques can be implemented by either hardware custom computing cores or general purpose soft processors or both. In all cases, these DDoS filtering computing cores can be updated or changed at runtime or design time. We implement our first prototype system with Hop-count filtering and Ingress/Engress filtering techniques using Xilinx Virtex 5xc5vtx240t FPGA device. The synthesis results show that the system can work at up to 116.782MHz while utilizing about 41% LUTs, 47% Registers, and 53% Block Memory of the available hardware resources. The system achieves the detection rate of 100% with the false negative rate at 0% and false positive rate closed to 0.74%. The prototype system achieves packet decoding throughput at 9.869 Gbps in half-duplex mode and 19.738 Gbps in full-duplex mode.\",\"PeriodicalId\":347057,\"journal\":{\"name\":\"2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NICS.2016.7725648\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NICS.2016.7725648","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

该文提出一种可重构异构多核架构,集成多种DDoS防御机制,实现DDoS防护。该体系结构允许多种协作的DDoS缓解技术对传入的网络数据包进行分类。所建议的体系结构由两个分离的分区组成:静态和动态。静态分区包括报文预处理和后处理模块,而DDoS过滤技术在动态分区上实现。这些过滤技术可以通过硬件自定义计算核心或通用软处理器实现,或者两者兼而有之。在所有情况下,这些DDoS过滤计算核心都可以在运行时或设计时更新或更改。我们使用Xilinx Virtex 5xc5vtx240t FPGA器件实现了带有跳数滤波和入口/入口滤波技术的第一个原型系统。综合结果表明,该系统可以在高达116.782MHz的频率下工作,同时利用约41%的lut、47%的寄存器和53%的块内存。系统的检测率为100%,假阴性率为0%,假阳性率接近0.74%。原型系统在半双工模式下实现了9.869 Gbps的分组解码吞吐量,在全双工模式下实现了19.738 Gbps的分组解码吞吐量。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
A reconfigurable heterogeneous multicore architecture for DDoS protection
This paper proposes a reconfigurable heterogeneous multicore architecture to integrate multiple DDoS defense mechanisms for DDoS protection. The architecture allows multiple cooperating DDoS mitigation techniques to classify incoming network packets. The proposed architecture consists of two separated partitions: static and dynamic. The static partition includes packet pre-processing and post-processing modules while the DDoS filtering techniques are implemented on the dynamic partition. These filtering techniques can be implemented by either hardware custom computing cores or general purpose soft processors or both. In all cases, these DDoS filtering computing cores can be updated or changed at runtime or design time. We implement our first prototype system with Hop-count filtering and Ingress/Engress filtering techniques using Xilinx Virtex 5xc5vtx240t FPGA device. The synthesis results show that the system can work at up to 116.782MHz while utilizing about 41% LUTs, 47% Registers, and 53% Block Memory of the available hardware resources. The system achieves the detection rate of 100% with the false negative rate at 0% and false positive rate closed to 0.74%. The prototype system achieves packet decoding throughput at 9.869 Gbps in half-duplex mode and 19.738 Gbps in full-duplex mode.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Deadlock prevention for resource allocation in model nVM-out-of-1PM Early containment of fast network worm malware AF relay-assisted MIMO/FSO/QAM systems in Gamma-Gamma fading channels Incremental verification of ω-regions on binary control flow graph for computer virus detection A reconfigurable heterogeneous multicore architecture for DDoS protection
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1