Application of netfpga in network security
1 / 14

Application of NetFPGA in Network Security - PowerPoint PPT Presentation

  • Uploaded on

Application of NetFPGA in Network Security. Hao Chen 2/25/2011. Introduction to Shrew DDoS Attacks. DDoS attacks : Distributed Denial of Service attacks Shrew DDoS Attacks: Low rate TCP targeted DDoS Attacks. Power Spectral Density (PSD) Based Analysis.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Application of NetFPGA in Network Security' - catori

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Application of netfpga in network security

Application of NetFPGA in Network Security

Hao Chen


Introduction to shrew ddos attacks
Introduction to Shrew DDoS Attacks

  • DDoSattacks : Distributed Denial of Service attacks

  • Shrew DDoSAttacks: Low rate TCP targeted DDoS Attacks

Power spectral density psd based analysis
Power Spectral Density (PSD) Based Analysis

  • Performing PSD analysis is computing intensive

  • Adopt hardware implementation

    • NetFPGA based shrew DDoS attack detector

A netfpga board
A NetFPGA Board

  • Network + FPGA (Field Programmable Gate Arrays)

  • Fits into standard PCI or PCI-Xslot

    • Standard Bus: 32 bits, 33 MHz

  • Provides interfaces for processing network packets

    • 4 Gigabit Ethernet Ports

  • Allows hardware-accelerated processing

    • Implemented with FPGA Logic

A netfpga system
A NetFPGA System

Networking Software Running on a standard PC

A hardware accelerator built with FPGA

driving Gigabit network links

Our rackmount netfpga server
Our RackmountNetFPGA Server

A netfpga based router
A NetFPGA Based Router

Architecture of reference router
Architecture of Reference Router

  • Five stages

    • Input

    • Input arbitration

    • Routing decision and

      packet modification

    • Output queuing

    • Output

  • Packet-based module


  • Pluggable design

Modifying reference router pipeline1
Modifying Reference Router Pipeline

Power Spectral Density (PSD) Based Shrew DDoS Attack Detector

Overall shrew ddos attack detection development environment
Overall Shrew DDoS Attack Detection Development Environment

NetFPGA Box 2

Reference Router w

Shrew DDoS Detector

NetFPGA Box 1


NetFPGA Box 3



Reference NIC


Custom DDoS Shrew

Traffic Generator


Custom DDoS Shrew


NetFPGA Reference Router

1 msec TCP Count samples

Shrew DDoS

Attack Detected

Shrew Packet Counter IF

Debug Interface



Threshold Detector