论文信息 - A hardware-accelerated system for real-time worm detection

A hardware-accelerated system for real-time worm detection

Internet worms work by exploiting vulnerabilities in operating systems and application software that run on end systems. The attacks compromise security and degrade network performance. They cause large economic losses for businesses, in terms of system downtime and lost worker productivity. This article presents the design and implementation of a system that automatically detects new worms in real time by monitoring all traffic on a network. The system uses field-programmable gate arrays (FPGAs) to scan packets for patterns of similar content and can automatically detect the outbreak of a new Internet worm. It instantly reports frequently occurring strings in packet payloads as likely signatures of the malicious software (malware).

John W. Lockwood | Bharath Madhusudan | J. Lockwood | B. Madhusudan

[1] John W. Lockwood,et al. Application of Hardware Accelerated Extensible Network Nodes for Internet Worm and Virus Protection , 2003, IWAN.

[2] Abhishek Kumar,et al. Data streaming algorithms for efficient and accurate estimation of flow size distribution , 2004, SIGMETRICS '04/Performance '04.

[3] John W. Lockwood,et al. Implementation of a content-scanning module for an Internet firewall , 2003, 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2003. FCCM 2003..

[4] John W. Lockwood,et al. SRAM Programming SelectMap Interface EC EC VC VC Four Port Switch ccp Error Check VC VC Control Cell Asynchronous LineCardSwitch InterfaceCircuit Interface Processor Synch , 2001 .

[5] Gaston H. Gonnet,et al. Handbook Of Algorithms And Data Structures , 1984 .

[6] George Varghese,et al. New directions in traffic measurement and accounting , 2002, CCRV.

[7] Vern Paxson,et al. How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[8] George Varghese,et al. Bitmap algorithms for counting active flows on high speed links , 2003, IMC '03.

[9] John W. Lockwood,et al. Protocol Wrappers for Layered Network Packet Processing in Reconfigurable Hardware , 2002, IEEE Micro.

[10] David Moore,et al. Internet quarantine: requirements for containing self-propagating code , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).