AntiWorm NPU-based Parallel Bloom Filters for TCP/IP Content Processing in Giga-Ethernet LAN

Author

Zhen Chen ; Chuang Lin ; Jia Ni ; Bo Zheng ; Xue-hai Peng ; Yang Wang ; An-An Luo ; Bing Zhu ; Yao Yue ; Feng-yuan Ren

Author_Institution

Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing

fYear

2005

fDate

17-17 Nov. 2005

Firstpage

748

Lastpage

755

Abstract

TCP/IP protocol suite carries most application data in Internet. TCP flow retrieval has more security meanings than the IP packet payload. Hence, monitoring the TCP flow has more strength than only monitoring the IP packet payload in the AntiWorm system. The main idea of this paper is to use the flexibility and high performance of network processors to scan TCP flow for locating worm´s binary codes, and cut off their propagation. A stateful TCP flow inspection engine is implemented based on IXP network processor, which can monitor about 512K flows. The performance issues about IXP network processors are evaluated and collected, and an analysis is made for further optimizing the system performance. The system is also demonstrated and proved by using the Internet traces and real assaults of Worms. Software Package TCPScanner 1.0 is also given as a software release of the research

Keywords

local area networks; packet switching; transport protocols; AntiWorm system; IXP network processor; Internet; TCP/IP content processing; TCP/IP protocol; TCPScanner 1.0; giga-Ethernet LAN; parallel bloom filters; Binary codes; Data security; Information filtering; Information filters; Internet; Local area networks; Monitoring; Payloads; Protocols; TCPIP; Deep Packet Inspection; Network Processors; Network Security; Parallel Bloom Filter; Stateful TCP inspection.; TCP/IP Protocol suite; Worms;

fLanguage

English

Publisher

ieee

Conference_Titel

Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on

Conference_Location

Sydney, NSW

ISSN

0742-1303

Print_ISBN

0-7695-2421-4

Type

conf

DOI

10.1109/LCN.2005.31

Filename

1550959