ABSTRACT
This paper deals with hardware acceleration of statistical methods for detecting anomalies on 100 Gb/s Ethernet. The approach is demonstrated by implementing a sequential Non-Parametric Cumulative Sum (NP-CUSUM) procedure. We use high-level synthesis in combination with the emerging software defined monitoring (SDM) methodology for rapid development of FPGA-based hardware-accelerated network monitoring applications. The implemented method offloads detection of network attacks and anomalies directly into an FPGA chip. The parallel nature of the FPGA allows for simultaneous detection of various kinds of anomalies. Our results show that hardware acceleration of statistical methods using the SDM concept with high-level synthesis from C/C++ is possible and very promising for traffic analysis and anomaly detection in high-speed 100 Gb/s networks.
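For readers unfamiliar with the NP-CUSUM procedure named in the abstract, the following added example (not the paper's HLS source) shows the textbook one-sided form of the statistic in integer-only C. The parameter names `mu`, `c`, `h`, their values, and the sample counts are constructed assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Textbook one-sided NP-CUSUM (not the paper's HLS source):
 *   S_n = max(0, S_{n-1} + x_n - mu - c),  alarm when S_n >= h.
 * Integer-only arithmetic, no allocation. */
typedef struct {
    int64_t s;   /* running statistic S_n */
    int32_t mu;  /* assumed pre-change mean of the counter */
    int32_t c;   /* allowance: excess over mu tolerated per interval */
    int64_t h;   /* alarm threshold */
} npcusum_t;

static void npcusum_init(npcusum_t *d, int32_t mu, int32_t c, int64_t h) {
    d->s = 0; d->mu = mu; d->c = c; d->h = h;
}

/* Feed one per-interval observation; returns 1 when the threshold is crossed. */
static int npcusum_update(npcusum_t *d, int32_t x) {
    int64_t s = d->s + (int64_t)x - d->mu - d->c;
    d->s = (s > 0) ? s : 0;   /* clamp: evidence never goes negative */
    return d->s >= d->h;
}

/* Index of the first alarming interval, or -1 if none. */
static long npcusum_first_alarm(const int32_t *x, size_t n,
                                int32_t mu, int32_t c, int64_t h) {
    npcusum_t d;
    npcusum_init(&d, mu, c, h);
    for (size_t i = 0; i < n; i++)
        if (npcusum_update(&d, x[i]))
            return (long)i;
    return -1;
}

/* Constructed sample: packets of one type per interval. Baseline near 100,
 * an isolated spike at index 4, a sustained shift starting at index 8. */
static const int32_t SAMPLE[] = {98, 103, 101, 97, 140, 99, 102, 100,
                                 180, 190, 185, 200};

int main(void) {
    long i = npcusum_first_alarm(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0],
                                 100, 20, 150);
    printf("first alarm at interval %ld\n", i);
    return 0;
}
```

The isolated spike decays back to zero within one interval, while the sustained shift accumulates and crosses the threshold on its third interval; raising `h` trades detection delay for fewer false alarms.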
Index Terms
- Change-point detection method on 100 Gb/s ethernet interface