A Dynamically Reconfigured Multi-FPGA Network Platform for High-Speed Malware Collection

Malicious software has become a major threat to computer users on the Internet today. Security researchers need to gather and analyze large sample sets to develop effective countermeasures. Setting up honeypots, which emulate vulnerable applications, is one method of collecting attack code. We have proposed a dedicated hardware architecture for honeypots that both allows high-speed operation at 10 Gb/s and beyond and offers high resilience against attacks on the honeypot infrastructure itself. In this work, we refine the base NetStage architecture for better management and scalability. Using dynamic partial reconfiguration, we can now update the functionality of the honeypot during operation. To allow the operation of a larger number of vulnerability emulation handlers, the initial single-device architecture is extended to scalable multichip systems. We describe the technical aspects of these modifications and show results evaluating an implementation on a current quad-FPGA reconfigurable computing platform.
