Deep Packet Field Extraction Engine (DPFEE): A pre-processor for network intrusion detection and denial-of-service detection systems

2015 33rd IEEE International Conference on Computer Design (ICCD) Pub Date : 2015-10-18 DOI:10.1109/ICCD.2015.7357113

V. Jyothi, Sateesh Addepalli, R. Karri

引用次数: 7

Abstract

Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a Deep Packet Field Extraction Engine (DPFEE) to offload the application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) on a single FPGA, achieved a bandwidth of 257.1 Gbps and this can be easily scaled beyond 300 Gbps.

查看原文本刊更多论文

Deep Packet Field Extraction Engine (DPFEE):用于网络入侵检测和拒绝服务检测系统的预处理器

网络入侵检测系统(NIDS)和ddos (Anti-Denial-of-Service)都采用深度包检测(DPI)技术来检测网络攻击，DPI技术提供了有效负载内容的可见性。所有DPI引擎都假定一个预处理步骤，提取各种特定于协议的字段。然而，应用层(L7)字段提取在计算上是昂贵的。我们提出了一个深度包字段提取引擎(Deep Packet Field Extraction Engine, DPFEE)，将应用层字段提取工作转移到硬件上。DPFEE是一个内容感知、基于语法的第7层可编程字段提取引擎，用于基于文本的协议。我们在单个FPGA上实现会话发起协议(SIP)的DPFEE原型，实现了257.1 Gbps的带宽，并且可以轻松扩展到300 Gbps以上。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 33rd IEEE International Conference on Computer Design (ICCD)

自引率

0.00%

发文量