Gong et al., 2018 - Google Patents
GoldenEye: stream-based network packet inspection using GPUsGong et al., 2018
View PDF- Document ID
- 3230788477954668915
- Author
- Gong Q
- Wu W
- Fermi P
- Publication year
- Publication venue
- 2018 IEEE 43rd Conference on Local Computer Networks (LCN)
External Links
Snippet
High-performance packet analysis systems have attracted great interest as tools to deal with security concerns in high-speed networks. Recently, researchers have utilized GPUs to improve packet processing performance. However, most existing work has been targeted at …
- 238000007689 inspection 0 title abstract description 14
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup or address filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/02—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data
- H04L43/026—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data using flow generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/22—Header parsing or analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/12—Protocol engines, e.g. VLSIs or transputers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/18—Arrangements for monitoring or testing packet switching networks using protocol analyzers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Chen et al. | A survey on the application of FPGAs for network infrastructure security | |
| EP1905213B1 (en) | Method, recording medium and network line card for performing content inspection across multiple packets | |
| US8397285B2 (en) | Multi-pattern packet content inspection mechanisms employing tagged values | |
| CN103733590B (en) | Compiler for regular expressions | |
| US8964548B1 (en) | System and method for determining network application signatures using flow payloads | |
| Yu | High speed deep packet inspection with hardware support | |
| US20070115986A1 (en) | Method to perform exact string match in the data plane of a network processor | |
| US8131841B2 (en) | Method and apparatus for detecting predefined signatures in packet payload | |
| US20100161536A1 (en) | Pattern matching | |
| Li et al. | Netshield: massive semantics-based vulnerability signature matching for high-speed networks | |
| Bremler-Barr et al. | CompactDFA: Scalable pattern matching using longest prefix match solutions | |
| Zheng et al. | Algorithms to speedup pattern matching for network intrusion detection systems | |
| Chen et al. | Empowering network security with programmable switches: A comprehensive survey | |
| Chen et al. | Fidas: Fortifying the cloud via comprehensive FPGA-based offloading for intrusion detection: Industrial product | |
| Gong et al. | GoldenEye: stream-based network packet inspection using GPUs | |
| Zhao et al. | Rids: Towards advanced ids via rnn model and programmable switches co-designed approaches | |
| Aldwairi et al. | Efficient Wu-Manber pattern matching hardware for intrusion and malware detection | |
| Chen et al. | Ac-suffix-tree: Buffer free string matching on out-of-sequence packets | |
| CN102201948A (en) | Quick matching method for network intrusion detection system | |
| Yang et al. | A high-performance round-robin regular expression matching architecture based on FPGA | |
| Ho et al. | PERG: A scalable FPGA-based pattern-matching engine with consolidated bloomier filters | |
| Li et al. | Exploiting reconfigurable hardware for network security | |
| Al-Dalky et al. | Accelerating snort NIDS using NetFPGA-based Bloom filter | |
| Wang et al. | Strifa: Stride finite automata for high-speed regular expression matching in network intrusion detection systems | |
| Karimov et al. | Problems of increasing efficiency of NIDS by using implementing methods packet classifications on FPGA |