Централізований синтез реконфігуровних апаратних засобів інформаційної безпеки на високопродуктивних платформах

Ukrainian Information Security Research Journal Pub Date : 2018-12-21 DOI:10.18372/2410-7840.20.13426

Виктор Федорович Евдокимов, Анатолий Николаевич Давиденко, Сергей Яковлевич Гильгурт

{"title":"Централізований синтез реконфігуровних апаратних засобів інформаційної безпеки на високопродуктивних платформах","authors":"Виктор Федорович Евдокимов, Анатолий Николаевич Давиденко, Сергей Яковлевич Гильгурт","doi":"10.18372/2410-7840.20.13426","DOIUrl":null,"url":null,"abstract":"The main purpose of a signature-based network intrusion detection system (NIDS) is to inspect network packet contents against tens of thousands of predefined malicious patterns. Unlike the firewall, NIDS examines not only packet headers, but also the packet bodies. The multi-pattern string matching task is a specific type of string matching functionality to search an input stream for a set of patterns rather than a single pattern. Due to rising traffic rates, increasing number and sophistication of attacks and the collapse of Moore's law for sequential processing, traditional software solutions can no longer meet the high requirements of today’s security challenges. Therefore, hardware approaches are proposed to accelerate pattern matching. Combining the flexibility of software and the nearASIC performance, reconfigurable FPGA-based devices have become increasingly popular for this purpose. Unfortunately, the development of complex reconfigurable devices is a very difficult craft. Users of NIDS which are usually system administrators have not neither enough qualification, nor computing resources to fulfill such a work. On the other hand specificities of security tasks require frequent execution of dynamic re-synthesis of reconfigurable accelerators. To solve this problem, a centralized system based on GRID and Cloud platforms was proposed. Such approach moves design and computation complexities from LANs to HPC. An experimental system was constructed and tested. First results are received and discussed. Preliminary comparison of GRID and Cloud technologies is made. Besides cybersecurity, high-speed multi-pattern matching is required for such important applications as data mining, XML switching, QoS management, VoIP filtering, cache replication etc.","PeriodicalId":378015,"journal":{"name":"Ukrainian Information Security Research Journal","volume":"300 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ukrainian Information Security Research Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.18372/2410-7840.20.13426","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The main purpose of a signature-based network intrusion detection system (NIDS) is to inspect network packet contents against tens of thousands of predefined malicious patterns. Unlike the firewall, NIDS examines not only packet headers, but also the packet bodies. The multi-pattern string matching task is a specific type of string matching functionality to search an input stream for a set of patterns rather than a single pattern. Due to rising traffic rates, increasing number and sophistication of attacks and the collapse of Moore's law for sequential processing, traditional software solutions can no longer meet the high requirements of today’s security challenges. Therefore, hardware approaches are proposed to accelerate pattern matching. Combining the flexibility of software and the nearASIC performance, reconfigurable FPGA-based devices have become increasingly popular for this purpose. Unfortunately, the development of complex reconfigurable devices is a very difficult craft. Users of NIDS which are usually system administrators have not neither enough qualification, nor computing resources to fulfill such a work. On the other hand specificities of security tasks require frequent execution of dynamic re-synthesis of reconfigurable accelerators. To solve this problem, a centralized system based on GRID and Cloud platforms was proposed. Such approach moves design and computation complexities from LANs to HPC. An experimental system was constructed and tested. First results are received and discussed. Preliminary comparison of GRID and Cloud technologies is made. Besides cybersecurity, high-speed multi-pattern matching is required for such important applications as data mining, XML switching, QoS management, VoIP filtering, cache replication etc.

查看原文本刊更多论文

基于签名的网络入侵检测系统(NIDS)的主要目的是根据成千上万的预定义恶意模式对网络数据包内容进行检测。与防火墙不同，NIDS不仅检查包头，还检查包体。多模式字符串匹配任务是一种特定类型的字符串匹配功能，用于在输入流中搜索一组模式，而不是单个模式。随着业务量的增加、攻击的数量和复杂性的增加以及顺序处理的摩尔定律的崩溃，传统的软件解决方案已经无法满足当今安全挑战的高要求。因此，提出了硬件方法来加速模式匹配。结合软件的灵活性和接近asic的性能，基于可重构fpga的设备在这方面越来越受欢迎。不幸的是，开发复杂的可重构器件是一项非常困难的工作。NIDS的用户通常是系统管理员，他们既没有足够的资格，也没有足够的计算资源来完成这样的工作。另一方面，安全任务的特殊性要求频繁地执行可重构加速器的动态重新合成。为了解决这一问题，提出了一种基于网格和云平台的集中式系统。这种方法将设计和计算的复杂性从局域网转移到高性能计算。搭建了实验系统并进行了测试。收到并讨论第一批结果。对GRID和Cloud技术进行了初步比较。除了网络安全之外，数据挖掘、XML交换、QoS管理、VoIP过滤、缓存复制等重要应用都需要高速多模式匹配。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Ukrainian Information Security Research Journal

自引率

0.00%

发文量