DPFEE: A high performance scalable pre-processor for network security systems

Vinayaka Jyothi, Sateesh K. Addepalli, Ramesh Karri

Research output: Contribution to journalArticle

Abstract

Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a novel Deep Packet Field Extraction Engine (DPFEE) for application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) and HTTP protocol on a single FPGA, achieves a bandwidth of 408.5 Gbps and this can be scaled beyond 500 Gbps. Single DPFEE exhibits a speedup of 24X-89X against widely used preprocessors. Even against 12 multi-instances of a preprocessor, single DPFEE demonstrated a speedup of 4.7-7.4X. Single DPFEE achieved 3.14X higher bandwidth, 1020X lower latency, and 106X lower power consumption, when compared with 200 parallel streams of GPU accelerated preprocessor.

Original languageEnglish (US)
Pages (from-to)55-68
Number of pages14
JournalIEEE Transactions on Multi-Scale Computing Systems
Volume4
Issue number1
DOIs
StatePublished - Jan 1 2018

    Fingerprint

Keywords

  • Application layer field extraction
  • DoS attacks
  • deep packet inspection
  • hardware acceleration
  • network security

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Information Systems
  • Hardware and Architecture

Cite this