High-speed attack mitigation engine by packet filtering and rate-limiting using FPGA

Abstract

Recently, enterprises, service provider, and e-businesses confront increasing security and performance challenges. Securing network, host, and on-line application is absolutely important. At the same time, security function must not disturb productivity. To ensure that increasing network traffic is safe and their networks are secure, these organizations must provide security with bias toward solutions that accommodate performance demands, while providing the security and networking features required to run their businesses. That is, best solutions are those that combine high performance with topnotch security. For satisfying those requirements, we have developed hardware based and high performance security gateway system (SGS) which providing security functions such firewall, IDS, rate-limiting, and traffic metering in wire speed. In this paper, we especially describe how H/W based firewall and rate-limiting and their response coordinating engine features are implemented in SGS as a hardware chipset (FPGA)