Title :
AntiWorm NPU-based Parallel Bloom Filters for TCP/IP Content Processing in Giga-Ethernet LAN
Author :
Zhen Chen ; Chuang Lin ; Jia Ni ; Bo Zheng ; Xue-hai Peng ; Yang Wang ; An-An Luo ; Bing Zhu ; Yao Yue ; Feng-yuan Ren
Author_Institution :
Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing
Abstract :
TCP/IP protocol suite carries most application data in Internet. TCP flow retrieval has more security meanings than the IP packet payload. Hence, monitoring the TCP flow has more strength than only monitoring the IP packet payload in the AntiWorm system. The main idea of this paper is to use the flexibility and high performance of network processors to scan TCP flow for locating worm´s binary codes, and cut off their propagation. A stateful TCP flow inspection engine is implemented based on IXP network processor, which can monitor about 512K flows. The performance issues about IXP network processors are evaluated and collected, and an analysis is made for further optimizing the system performance. The system is also demonstrated and proved by using the Internet traces and real assaults of Worms. Software Package TCPScanner 1.0 is also given as a software release of the research
Keywords :
local area networks; packet switching; transport protocols; AntiWorm system; IXP network processor; Internet; TCP/IP content processing; TCP/IP protocol; TCPScanner 1.0; giga-Ethernet LAN; parallel bloom filters; Binary codes; Data security; Information filtering; Information filters; Internet; Local area networks; Monitoring; Payloads; Protocols; TCPIP; Deep Packet Inspection; Network Processors; Network Security; Parallel Bloom Filter; Stateful TCP inspection.; TCP/IP Protocol suite; Worms;
Conference_Titel :
Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
0-7695-2421-4
DOI :
10.1109/LCN.2005.31
