INTERNET 2015, The Seventh International Conference on Evolving Internet


FPGA Based TCP Session Features Extraction Utilizing Off-Chip Memories

Authors:
Satoshi Fuchigami
Hajime Shimada
Yukiko Yamaguchi
Hiroki Takakura

Keywords: Anomaly Based Network IDS, FPGA, TCP Session Feature Extraction

Abstract:
In recent years, unknown attacks such as zero-day attacks and targeted attacks have been increasing. These attacks are difficult to detect because information gathered from already known attacks is not useful for detecting them. An anomaly-based Network Intrusion Detection System (IDS) has the potential to find these attacks. However, almost all anomaly-based Network IDSs are implemented in software, so they cannot keep up with growing network traffic. To alleviate this problem, there is a Hardware/Software (HW/SW) cooperated Network IDS which migrates the Transmission Control Protocol (TCP) feature extraction process to a Field Programmable Gate Array (FPGA). However, the prior implementation is contained entirely within the FPGA, so it cannot handle long TCP sessions because of the shortage of memory blocks on the FPGA chip. In this paper, we propose TCP session feature extraction and cumulation by an FPGA combined with off-chip Ternary Content Addressable Memory (TCAM) and Dynamic Random Access Memory (DRAM) for a HW/SW cooperated Network IDS. This approach uses these off-chip memories for buffering features while a TCP session continues. We designed the architecture and implemented it. We estimated that our system can manage 1,024K sessions simultaneously.

Pages: 38 to 42

Copyright: Copyright (c) IARIA, 2015

Publication date: October 11, 2015

Published in: conference

ISSN: 2308-443X

ISBN: 978-1-61208-435-0

Location: St. Julians, Malta

Dates: from October 11, 2015 to October 16, 2015