DPFEE: A High Performance Scalable Pre-processor for Network Security Systems

Vinayaka Jyothi, Sateesh K. Addepalli, Ramesh Karri

Research output: Contribution to journal › Article

Abstract

Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) systems employ Deep Packet Inspection (DPI), which provides visibility into the content of the payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a novel Deep Packet Field Extraction Engine (DPFEE) for application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) and HTTP protocol on a single FPGA achieves a bandwidth of 408.5 Gbps, and this can be scaled beyond 500 Gbps. A single DPFEE exhibits a speedup of 24X-89X against widely used preprocessors. Even against 12 multi-instances of a preprocessor, a single DPFEE demonstrated a speedup of 4.7-7.4X. A single DPFEE achieved 3.14X higher bandwidth, 1020X lower latency and 106X lower power consumption when compared with 200 parallel streams of a GPU-accelerated preprocessor.

Original language: English (US)
Journal: IEEE Transactions on Multi-Scale Computing Systems
DOI: 10.1109/TMSCS.2017.2765324
State: Accepted/In press - Oct 20 2017

Fingerprint

Network security
Security systems
Engines
Network protocols
Inspection
Bandwidth
HTTP
Intrusion detection
Visibility
Field programmable gate arrays (FPGA)
Electric power utilization
Hardware
Processing

Keywords

  • Application layer field extraction
  • Bandwidth
  • Communication networks
  • Computer crime
  • Deep Packet Inspection
  • DoS Attacks
  • Engines
  • Hardware
  • Hardware Acceleration
  • Network Security
  • Protocols

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Information Systems
  • Hardware and Architecture

Cite this

DPFEE: A High Performance Scalable Pre-processor for Network Security Systems. / Jyothi, Vinayaka; Addepalli, Sateesh K.; Karri, Ramesh.

In: IEEE Transactions on Multi-Scale Computing Systems, 20.10.2017.

@article{11674bba8fe6469d9585773948deb141,
title = "DPFEE: A High Performance Scalable Pre-processor for Network Security Systems",
abstract = "Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a novel Deep Packet Field Extraction Engine (DPFEE) for application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) and HTTP protocol on a single FPGA, achieves a bandwidth of 408.5 Gbps and this can be scaled beyond 500 Gbps. Single DPFEE exhibits a speedup of 24X-89X against widely used preprocessors. Even against 12 multi-instances of a preprocessor, single DPFEE demonstrated a speedup of 4.7-7.4X. Single DPFEE achieved 3.14X higher bandwidth, 1020X lower latency and 106X lower power consumption, when compared with 200 parallel streams of GPU accelerated preprocessor.",
keywords = "Application layer field extraction, Bandwidth, Communication networks, Computer crime, Deep Packet Inspection, DoS Attacks, Engines, Hardware, Hardware Acceleration, Network Security, Protocols",
author = "Vinayaka Jyothi and Addepalli, {Sateesh K.} and Ramesh Karri",
year = "2017",
month = "10",
day = "20",
doi = "10.1109/TMSCS.2017.2765324",
language = "English (US)",
journal = "IEEE Transactions on Multi-Scale Computing Systems",
issn = "2332-7766",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR
T1 - DPFEE
T2 - A High Performance Scalable Pre-processor for Network Security Systems
AU - Jyothi, Vinayaka
AU - Addepalli, Sateesh K.
AU - Karri, Ramesh
PY - 2017/10/20
Y1 - 2017/10/20
AB - Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a novel Deep Packet Field Extraction Engine (DPFEE) for application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) and HTTP protocol on a single FPGA, achieves a bandwidth of 408.5 Gbps and this can be scaled beyond 500 Gbps. Single DPFEE exhibits a speedup of 24X-89X against widely used preprocessors. Even against 12 multi-instances of a preprocessor, single DPFEE demonstrated a speedup of 4.7-7.4X. Single DPFEE achieved 3.14X higher bandwidth, 1020X lower latency and 106X lower power consumption, when compared with 200 parallel streams of GPU accelerated preprocessor.

KW - Application layer field extraction
KW - Bandwidth
KW - Communication networks
KW - Computer crime
KW - Deep Packet Inspection
KW - DoS Attacks
KW - Engines
KW - Hardware
KW - Hardware Acceleration
KW - Network Security
KW - Protocols
UR - http://www.scopus.com/inward/record.url?scp=85032682844&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85032682844&partnerID=8YFLogxK
U2 - 10.1109/TMSCS.2017.2765324
DO - 10.1109/TMSCS.2017.2765324
M3 - Article
AN - SCOPUS:85032682844
JO - IEEE Transactions on Multi-Scale Computing Systems
JF - IEEE Transactions on Multi-Scale Computing Systems
SN - 2332-7766
ER -