| Paper Abstract and Keywords |
| Presentation |
2006-03-03 10:00
Anomaly Prevention System implemented in Dynamic Reconfigurable Processor
Takashi Isobe (Hitachi) |
| Abstract |
(in Japanese) |
(See Japanese page) |
| (in English) |
Distributed anomaly prevention mechanism in the upstream side of networks is required to prevent anomalies such as distributed denial of service (DDoS) from causing various network problems. This mechanism requests the processors achieving both high-speed response and flexible update of the anomaly prevention algorithm. And, this mechanism must ensure a high probability of protecting normal communications with large round trip time (RTT) between normal users and the nodes with anomaly prevention mechanism. In this research, I propose distributed anomaly prevention based on all-packet analysis at the distributed points in the upstream side of the networks. To achieve all-packet analysis with both high-speed response and flexibility, dynamic reconfigurable processors (DRPs) were used. Furthermore, I developed this anomaly prevention mechanism with DRPs. This mechanism prevents three kinds of anomalies (DDoS, worms, and peer-to-peer (P2P) traffic). In simulations, I achieved the goal of attaining a throughput of 80-M packets per second (pps) using three DRPs (431 execution elements used). In experiments, it was confirmed with the prototype that the proposed mechanism prevented anomalies in high-speed response (within 0.01 second), which was 3000 times faster than that of a legacy mechanism using a sampled packet analysis. Additionally, in this research, request-packet base routing is proposed to realize distributed anomaly prevention, and stateful time-limit overwriting is suggested to improve the probability of protecting normal communication. Through experiments, it was confirmed that the session table in proposed overwriting required 512 K or more entries to ensure a high probability of protecting normal communications with large (200 ms) RTT in 1-M pps attack. This result reduced the number of entries by 88% compared to that of legacy overwriting. |
| Keyword |
(in Japanese) |
(See Japanese page) |
| (in English) |
Security / DDoS / worm / P2P / Anomaly Detection / Anomaly Prevention / DRP / |
| Reference Info. |
IEICE Tech. Rep., vol. 105, no. 628, IN2005-227, pp. 419-424, March 2006. |
| Paper # |
IN2005-227 |
| Date of Issue |
2006-02-23 (IN) |
| ISSN |
Print edition: ISSN 0913-5685 |
| Download PDF |
|
| Conference Information |
| Committee |
IN NS |
| Conference Date |
2006-03-02 - 2006-03-03 |
| Place (in Japanese) |
(See Japanese page) |
| Place (in English) |
Rizzan Sea-Park Hotel Tancha-Bay (Okinawa) |
| Topics (in Japanese) |
(See Japanese page) |
| Topics (in English) |
|
| Paper Information |
| Registration To |
IN |
| Conference Code |
2006-03-IN-NS |
| Language |
Japanese |
| Title (in Japanese) |
(See Japanese page) |
| Sub Title (in Japanese) |
(See Japanese page) |
| Title (in English) |
Anomaly Prevention System implemented in Dynamic Reconfigurable Processor |
| Sub Title (in English) |
|
| Keyword(1) |
Security |
| Keyword(2) |
DDoS |
| Keyword(3) |
worm |
| Keyword(4) |
P2P |
| Keyword(5) |
Anomaly Detection |
| Keyword(6) |
Anomaly Prevention |
| Keyword(7) |
DRP |
| Keyword(8) |
|
| 1st Author's Name |
Takashi Isobe |
| 1st Author's Affiliation |
Hitachi, Ltd., Central Research Laboratory (Hitachi) |
| 2nd Author's Name |
|
| 2nd Author's Affiliation |
() |
| 3rd Author's Name |
|
| 3rd Author's Affiliation |
() |
| 4th Author's Name |
|
| 4th Author's Affiliation |
() |
| 5th Author's Name |
|
| 5th Author's Affiliation |
() |
| 6th Author's Name |
|
| 6th Author's Affiliation |
() |
| 7th Author's Name |
|
| 7th Author's Affiliation |
() |
| 8th Author's Name |
|
| 8th Author's Affiliation |
() |
| 9th Author's Name |
|
| 9th Author's Affiliation |
() |
| 10th Author's Name |
|
| 10th Author's Affiliation |
() |
| 11th Author's Name |
|
| 11th Author's Affiliation |
() |
| 12th Author's Name |
|
| 12th Author's Affiliation |
() |
| 13th Author's Name |
|
| 13th Author's Affiliation |
() |
| 14th Author's Name |
|
| 14th Author's Affiliation |
() |
| 15th Author's Name |
|
| 15th Author's Affiliation |
() |
| 16th Author's Name |
|
| 16th Author's Affiliation |
() |
| 17th Author's Name |
|
| 17th Author's Affiliation |
() |
| 18th Author's Name |
|
| 18th Author's Affiliation |
() |
| 19th Author's Name |
|
| 19th Author's Affiliation |
() |
| 20th Author's Name |
|
| 20th Author's Affiliation |
() |
| Speaker |
Author-1 |
| Date Time |
2006-03-03 10:00:00 |
| Presentation Time |
20 minutes |
| Registration for |
IN |
| Paper # |
IN2005-227 |
| Volume (vol) |
vol.105 |
| Number (no) |
no.628 |
| Page |
pp.419-424 |
| #Pages |
6 |
| Date of Issue |
2006-02-23 (IN) |
|