Abstract
Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a novel Deep Packet Field Extraction Engine (DPFEE) for application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) and HTTP protocol on a single FPGA, achieves a bandwidth of 408.5 Gbps and this can be scaled beyond 500 Gbps. Single DPFEE exhibits a speedup of 24X-89X against widely used preprocessors. Even against 12 multi-instances of a preprocessor, single DPFEE demonstrated a speedup of 4.7-7.4X. Single DPFEE achieved 3.14X higher bandwidth, 1020X lower latency and 106X lower power consumption, when compared with 200 parallel streams of GPU accelerated preprocessor.
Original language | English (US) |
---|---|
Journal | IEEE Transactions on Multi-Scale Computing Systems |
DOIs | |
State | Accepted/In press - Oct 20 2017 |
Fingerprint
Keywords
- Application layer field extraction
- Bandwidth
- Communication networks
- Computer crime
- Deep Packet Inspection
- DoS Attacks
- Engines
- Hardware
- Hardware Acceleration
- Network Security
- Protocols
ASJC Scopus subject areas
- Control and Systems Engineering
- Information Systems
- Hardware and Architecture
Cite this
DPFEE : A High Performance Scalable Pre-processor for Network Security Systems. / Jyothi, Vinayaka; Addepalli, Sateesh K.; Karri, Ramesh.
In: IEEE Transactions on Multi-Scale Computing Systems, 20.10.2017.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - DPFEE
T2 - A High Performance Scalable Pre-processor for Network Security Systems
AU - Jyothi, Vinayaka
AU - Addepalli, Sateesh K.
AU - Karri, Ramesh
PY - 2017/10/20
Y1 - 2017/10/20
N2 - Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a novel Deep Packet Field Extraction Engine (DPFEE) for application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) and HTTP protocol on a single FPGA, achieves a bandwidth of 408.5 Gbps and this can be scaled beyond 500 Gbps. Single DPFEE exhibits a speedup of 24X-89X against widely used preprocessors. Even against 12 multi-instances of a preprocessor, single DPFEE demonstrated a speedup of 4.7-7.4X. Single DPFEE achieved 3.14X higher bandwidth, 1020X lower latency and 106X lower power consumption, when compared with 200 parallel streams of GPU accelerated preprocessor.
AB - Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a novel Deep Packet Field Extraction Engine (DPFEE) for application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) and HTTP protocol on a single FPGA, achieves a bandwidth of 408.5 Gbps and this can be scaled beyond 500 Gbps. Single DPFEE exhibits a speedup of 24X-89X against widely used preprocessors. Even against 12 multi-instances of a preprocessor, single DPFEE demonstrated a speedup of 4.7-7.4X. Single DPFEE achieved 3.14X higher bandwidth, 1020X lower latency and 106X lower power consumption, when compared with 200 parallel streams of GPU accelerated preprocessor.
KW - Application layer field extraction
KW - Bandwidth
KW - Communication networks
KW - Computer crime
KW - Deep Packet Inspection
KW - DoS Attacks
KW - Engines
KW - Hardware
KW - Hardware Acceleration
KW - Network Security
KW - Protocols
UR - http://www.scopus.com/inward/record.url?scp=85032682844&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85032682844&partnerID=8YFLogxK
U2 - 10.1109/TMSCS.2017.2765324
DO - 10.1109/TMSCS.2017.2765324
M3 - Article
AN - SCOPUS:85032682844
JO - IEEE Transactions on Multi-Scale Computing Systems
JF - IEEE Transactions on Multi-Scale Computing Systems
SN - 2332-7766
ER -