Application of netfpga in network security
1 / 14

Application of NetFPGA in Network Security - PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Application of NetFPGA in Network Security. Hao Chen 2/25/2011. Introduction to Shrew DDoS Attacks. DDoS attacks : Distributed Denial of Service attacks Shrew DDoS Attacks: Low rate TCP targeted DDoS Attacks. Power Spectral Density (PSD) Based Analysis.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentationdownload

Application of NetFPGA in Network Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Application of netfpga in network security

Application of NetFPGA in Network Security

Hao Chen


Introduction to shrew ddos attacks

Introduction to Shrew DDoS Attacks

  • DDoSattacks : Distributed Denial of Service attacks

  • Shrew DDoSAttacks: Low rate TCP targeted DDoS Attacks

Power spectral density psd based analysis

Power Spectral Density (PSD) Based Analysis

  • Performing PSD analysis is computing intensive

  • Adopt hardware implementation

    • NetFPGA based shrew DDoS attack detector

A netfpga board

A NetFPGA Board

  • Network + FPGA (Field Programmable Gate Arrays)

  • Fits into standard PCI or PCI-Xslot

    • Standard Bus: 32 bits, 33 MHz

  • Provides interfaces for processing network packets

    • 4 Gigabit Ethernet Ports

  • Allows hardware-accelerated processing

    • Implemented with FPGA Logic

The block diagram of netfpga

The Block Diagram of NetFPGA

A netfpga system

A NetFPGA System

Networking Software Running on a standard PC

A hardware accelerator built with FPGA

driving Gigabit network links

Our rackmount netfpga server

Our RackmountNetFPGA Server

A netfpga based router

A NetFPGA Based Router

Architecture of reference router

Architecture of Reference Router

  • Five stages

    • Input

    • Input arbitration

    • Routing decision and

      packet modification

    • Output queuing

    • Output

  • Packet-based module


  • Pluggable design

Inter module communication

Inter-Module Communication

Modifying reference router pipeline

Modifying Reference Router Pipeline

Modifying reference router pipeline1

Modifying Reference Router Pipeline

Power Spectral Density (PSD) Based Shrew DDoS Attack Detector

Overall shrew ddos attack detection development environment

Overall Shrew DDoS Attack Detection Development Environment

NetFPGA Box 2

Reference Router w

Shrew DDoS Detector

NetFPGA Box 1


NetFPGA Box 3



Reference NIC


Custom DDoS Shrew

Traffic Generator


Custom DDoS Shrew


NetFPGA Reference Router

1 msec TCP Count samples

Shrew DDoS

Attack Detected

Shrew Packet Counter IF

Debug Interface



Threshold Detector



  • Login