Dissertation > Excellent graduate degree dissertation topics show

Design and Implementation of High Speed Anti-Worm Engine Based on Network Processor

Author: NiJia
Tutor: LinChuang
School: Tsinghua University
Course: Computer Science and Technology
Keywords: Network Processor Anti-worm Engine Multi-pattern Matching Algorithm Bloom Filter Hash Boyer-Moore Algorithm
CLC: TP393.08
Type: Master's thesis
Year: 2007
Downloads: 124
Quote: 0
Read: Download Dissertation

Abstract


With the increasing type and number of Worm attacks in the Internet, Anti-Worm has become an important issue in network security research and anti-worm engine is already widely used in network security applications such as Firewalls and IDS systems. Deep Packet Inspection (DPI) is usually used in anti-worm engine, whose essence is multi-pattern matching procedure. As it should check packet payloads, an anti-worm engine usually takes much more procceeding time. Thus, the design of high performance anti-worm engine is a very important issue in high-speed network security applications.This paper introduces the design and implementation of Anti-Worm Engine based on Network Processor (NP) with Deep Packet Inspection technology. The function blocks of the entire system and inner modules of anti-worm engine are described in detail. The extension fuction of TCP flow stateful scanning is introduced and the structure of flow state record is given too.After a brief survey of Multi-pattern Algorithm, the Bloom Filter algorithm is choosen first. It is a fast paralleled hash algorithm which is widely used on ASIC based hardware design. However, it doesn’t perform well enough in the experiment on NP platform.In order to improve the system performance, the Hash Boyer-Moore (HBM) algorithm is proposed here. It is a novel multi-pattern matching algorithm, which is based on the idea of bad character and distance skip like the Boyer-Moore Algorithm. It has shown higher speed and lower space cost in our analysis and higher throughput than Bloom Filter in our experiments.This anti-worm engine is implemented and optimized on an Intel IXP 2400 Network Processor and its performance is tested too. From these experiments, the anti-worm engine with HBM gives a stable performance and meets the needs of Gigabit Ethernet.

Related Dissertations

  1. Efficient Update Methods for Multi-dimension Metadata Indexing in Storage Systems,TP333
  2. Web Quality of Experience Measurement by Using Network Processor,TP393.09
  3. Research on Searching Strategy of Rare Items in Unstructured P2P Networks,TP393.02
  4. Grid Information Service Based on Chord and Bloom Filter,TP393.09
  5. Study on Duplication Detection of Data Streams,TP311.13
  6. Research on High-Speed IP Packet Capture Technology Based on Multi-core Architecture,TP393.08
  7. Research and Application of Multi-Pattern Matching Engine Based on Bloom Filter,TP393.08
  8. Research on Technologies of Multi-patterns Network Traffic Generation,TP393.06
  9. Research on High-speed Network Flow Measurement Model,TP393.06
  10. Key Technology of Service-Perceptive Traffic Management on Internet,TP393.06
  11. Research of Relatived Alogorithm in the Network Congestion Control Field,TP393.06
  12. Key Technology of Service-Perceptive Traffic Management on Internet,TP393.06
  13. Research of the High-Speed Serial Interface and Traffic Control Technique for a Multi-net Gateway,TP393.05
  14. Study and Implementation on Distributed Hash Index Structure in P2P Environments,TP393.02
  15. Design and Implementation of the Communition Protocol between the High-End Router’ POS Interface Card and the Main Card,TP393.05
  16. Research on Intrusion Detection System Based on Immune Theory,TP393.08
  17. Research on the Related Technologies of Network Processor and Its Processing Unit,TP393.05
  18. Design and Implementation of Traffic Classification System Based on Cavium Platform,TP393.06
  19. Research of Network Content Monitoring Based on Parallel Protocol Analysis,TP393.08
  20. Design of Intrusion Detection System Based on IXP465 Firewall,TP393.08
  21. Backbone network traffic statistics for the calculation of the aggregation,TP393.06

CLC: > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer Network Security
© 2012 www.DissertationTopic.Net  Mobile