Abstract
Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) employ Deep Packet Inspection (DPI) which provides visibility to the content of payload to detect network attacks. All DPI engines assume a pre-processing step that extracts the various protocol-specific fields. However, application layer (L7) field extraction is computationally expensive. We propose a novel Deep Packet Field Extraction Engine (DPFEE) for application layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7 programmable field extraction engine for text-based protocols. Our prototype DPFEE implementation for the Session Initiation Protocol (SIP) and HTTP protocol on a single FPGA, achieves a bandwidth of 408.5 Gbps and this can be scaled beyond 500 Gbps. Single DPFEE exhibits a speedup of 24X-89X against widely used preprocessors. Even against 12 multi-instances of a preprocessor, single DPFEE demonstrated a speedup of 4.7-7.4X. Single DPFEE achieved 3.14X higher bandwidth, 1020X lower latency, and 106X lower power consumption, when compared with 200 parallel streams of GPU accelerated preprocessor.
Original language | English (US) |
---|---|
Pages (from-to) | 55-68 |
Number of pages | 14 |
Journal | IEEE Transactions on Multi-Scale Computing Systems |
Volume | 4 |
Issue number | 1 |
DOIs | |
State | Published - Jan 1 2018 |
Keywords
- Application layer field extraction
- DoS attacks
- deep packet inspection
- hardware acceleration
- network security
ASJC Scopus subject areas
- Control and Systems Engineering
- Information Systems
- Hardware and Architecture