For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Large-Throughput Anomaly Prevention Mechanism Implemented in Dynamic Reconfigurable Processor
IEICE TRANSACTIONS on Communications
Publication Date: 2006/09/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: Special Section PAPER (Special Section on Networking Technologies for Overlay Networks)
network security, DDoS, worm, P2P, anomaly prevention, DRP, IDS, IPS,
Full Text: PDF>>
Large-throughput anomaly prevention mechanism in the upstream side of high-speed (over 10-Gbps) networks is required to prevent various anomalies such as distributed denial of service (DDoS) from causing various network problems. This mechanism requests the processors achieving not only high-speed response for analyzing many packets in a short time but also the flexibility to update the anomaly prevention algorithm. In this research, I assumed a dynamic reconfigurable processor (DRP) was most effective in achieving this anomaly prevention mechanism, for processors used in nodes with the mechanism, and I designed an anomaly prevention mechanism using DRPs. The mechanism can shorten anomaly prevention time in high-speed (10 Gbps) lines using an all-packet analysis. Through a simulation, I achieved the goal of the mechanism achieving a throughput of 83-M packets per second using three DRPs (432 execution elements used). Moreover, with the prototype, it was confirmed that the proposed mechanism prevented anomalies in a short time (constant 0.01 second), which was 3000 times faster than that of a legacy mechanism using a packet sampling method. I also proposed integrated prevention, which was able to reduce the number of execution elements comprising anomaly prevention algorithm against various kinds of anomalies. It was achieved with a simulation that the proposed integrated prevention against three kinds of anomalies (DDoS, worm, and peer to peer (P2P)) reduced the number of execution elements by 24% compared to legacy prevention. In addition, non-stop update was proposed to maintain throughput when updating an anomaly prevention algorithm without packet loss. It was confirmed with a simulation that there was enough time for non-stop update in 10 Gbps 4 lines.