Paper Info
Title
Specialized Hardware for Deep Network Packet Filtering
Abstract
Many computer network provide limited security through simple firewall feature in router and switch. Some networks that require higher security use deep packet filter to capture packets that can not be detected by simple firewall. Deep packet filters use list of rules for determining safety of packets. There is a high degree of parallelism in processing these rules because each rule represent independent pattern matching process. We find that the underlying architecture for existing software and hardware firewalls do not fully take advantage of this parallelism. Thus, we design a deep packet filtering firewall on a field programmable gate array (FPGA) to take advantage of the parallelism while retaining its programmability. Our implementation is capable of processing over 2.88 gigabits per second of network stream on an Altera EP20K series FPGA without manual optimization.
Year
DOI
Venue
2002
10.1007/3-540-46117-5_48
FPL
Keywords
Field
DocType
specialized hardware,deep network packet filtering,deep packet filter,field programmable gate array,altera ep20k series fpga,network stream,simple firewall feature,simple firewall,higher security use,deep packet,limited security,computer network
Computer science,Degree of parallelism,Real-time computing,Stateful firewall,Computer hardware,Distributed computing,Firewall (construction),Parallel computing,Network packet,Field-programmable gate array,Application firewall,Context-based access control,Router,Embedded system
Conference
Volume
ISSN
ISBN
2438
0302-9743
3-540-44108-5
Citations 
PageRank 
References 
67
7.44
13
Authors
3
Name
Order
Citations
PageRank
Young H. Cho130229.05
Shiva Navab27911.30
William H. Mangione-Smith32434251.48