Application of Hardware Accelerated Extensible Network Nodes for Internet Worm and Virus Protection

Today’s crucial information networks are vulnerable to fast-moving attacks by Internet worms and computer viruses. These attacks have the potential to cripple the Internet and compromise the integrity of the data on end-user machines. Without new types of protection, the Internet remains susceptible to increasingly aggressive attacks. A platform has been implemented that actively detects and blocks worms and viruses at multi-Gigabit/second rates. It uses the Field-programmable Port Extender (FPX) to scan for signatures of malicious software (malware) carried in packet payloads. Dynamically reconfigurable Field Programmable Gate Array (FPGA) logic tracks the state of Internet flows and searches for regular expressions and fixed strings that appear in the content of packets. Protection is achieved by the incremental deployment of systems throughout the Internet.
