509 research outputs found
Hardware Acceleration of Network Intrusion Detection System Using FPGA
This thesis presents new algorithms and hardware designs for Signature-based Network Intrusion Detection System (SB-NIDS) optimisation exploiting a hybrid hardwaresoftware co-designed embedded processing platform. The work describe concentrates
on optimisation of a complete SB-NIDS Snort application software on a FPGA based
hardware-software target rather than on the implementation of a single functional unit
for hardware acceleration. Pattern Matching Hardware Accelerator (PMHA) based on
Bloom filter was designed to optimise SB-NIDS performance for execution on a Xilinx
MicroBlaze soft-core processor. The Bloom filter approach enables the potentially large
number of network intrusion attack patterns to be efficiently represented and searched
primarily using accesses to FPGA on-chip memory. The thesis demonstrates, the viability of hybrid hardware-software co-designed approach for SB-NIDS. Future work is
required to investigate the effects of later generation FPGA technology and multi-core
processors in order to clearly prove the benefits over conventional processor platforms
for SB-NIDS.
The strengths and weaknesses of the hardware accelerators and algorithms are analysed,
and experimental results are examined to determine the effectiveness of the implementation. Experimental results confirm that the PMHA is capable of performing network
packet analysis for gigabit rate network traffic. Experimental test results indicate that
our SB-NIDS prototype implementation on relatively low clock rate embedded processing platform performance is approximately 1.7 times better than Snort executing on
a general purpose processor on PC when comparing processor cycles rather than wall
clock time
Network Traffic Anomaly-Detection Framework Using GPUs
Network security has been very crucial for the software industry. Deep packet inspection (DPI) is one of the widely used approaches in enforcing network security. Due to the high volume of network traffic, it is challenging to achieve high performance for DPI in real time. In this thesis, a new DPI framework is presented that accelerates packet header checking and payload inspection on graphics processing units (GPUs). Various optimizations were applied to GPU-version packet inspection, such as thread-level and block-level packet assignment, warp divergence elimination, and memory transfer optimization using pinned memory and shared memory. The performance of the pattern-matching algorithms used for DPI was analyzed by using an assorted set of characteristics such as pipeline stalls, shared memory efficiency, warp efficiency, issue slot utilization, and cache hits. The extensive characterization of the algorithms on the GPU architecture and the performance comparison among parallel pattern-matching algorithms on both the GPU and the CPU are the unique contributions of this thesis. Among the GPU-version algorithms, the Aho-Corasick algorithm and the Wu-Manber algorithm outperformed the Rabin-Karp algorithm because the Aho-Corasick and the Wu-Manber algorithms were executed only once for multiple signatures by using the tables generated before the searching phase was begun. According to my evaluation on a NVIDIA K80 GPU, the GPU-accelerated packet processing achieved at least 60 times better performance than CPU-version processing
The UTMOST Survey for Magnetars, Intermittent pulsars, RRATs and FRBs I: System description and overview
We describe the ongoing `Survey for Magnetars, Intermittent pulsars, Rotating
radio transients and Fast radio bursts' (SMIRF), performed using the newly
refurbished UTMOST telescope. SMIRF repeatedly sweeps the southern Galactic
plane performing real-time periodicity and single-pulse searches, and is the
first survey of its kind carried out with an interferometer. SMIRF is
facilitated by a robotic scheduler which is capable of fully autonomous
commensal operations. We report on the SMIRF observational parameters, the data
analysis methods, the survey's sensitivities to pulsars, techniques to mitigate
radio frequency interference and present some early survey results. UTMOST's
wide field of view permits a full sweep of the Galactic plane to be performed
every fortnight, two orders of magnitude faster than previous surveys. In the
six months of operations from January to June 2018, we have performed
sweeps of the Galactic plane with SMIRF. Notable blind re-detections include
the magnetar PSR J16224950, the RRAT PSR J09413942 and the eclipsing
pulsar PSR J17482446A. We also report the discovery of a new pulsar, PSR
J170554. Our follow-up of this pulsar with the UTMOST and Parkes telescopes
at an average flux limit of mJy and mJy respectively,
categorizes this as an intermittent pulsar with a high nulling fraction of Comment: Submitted to MNRAS, comments welcom
On the Exploration of FPGAs and High-Level Synthesis Capabilities on Multi-Gigabit-per-Second Networks
Tesis doctoral inĂ©dita leĂda en la Universidad AutĂłnoma de Madrid, Escuela PolitĂ©cnica Superior, Departamento de TecnologiÌa ElectroÌnica y de las Comunicaciones. Fecha de lectura: 24-01-2020Traffic on computer networks has faced an exponential grown in recent years.
Both links and communication equipment had to adapt in order to provide
a minimum quality of service required for current needs. However, in recent
years, a few factors have prevented commercial off-the-shelf hardware from
being able to keep pace with this growth rate, consequently, some software tools are
struggling to fulfill their tasks, especially at speeds higher than 10 Gbit/s. For this reason,
Field Programmable Gate Arrays (FPGAs) have arisen as an alternative to address the
most demanding tasks without the need to design an application specific integrated
circuit, this is in part to their flexibility and programmability in the field. Needless to say,
developing for FPGAs is well-known to be complex. Therefore, in this thesis we tackle
the use of FPGAs and High-Level Synthesis (HLS) languages in the context of computer
networks. We focus on the use of FPGA both in computer network monitoring application
and reliable data transmission at very high-speed. On the other hand, we intend to shed
light on the use of high level synthesis languages and boost FPGA applicability in the
context of computer networks so as to reduce development time and design complexity.
In the first part of the thesis, devoted to computer network monitoring. We take advantage
of the FPGA determinism in order to implement active monitoring probes, which
consist on sending a train of packets which is later used to obtain network parameters.
In this case, the determinism is key to reduce the uncertainty of the measurements.
The results of our experiments show that the FPGA implementations are much more
accurate and more precise than the software counterpart. At the same time, the FPGA
implementation is scalable in terms of network speed â 1, 10 and 100 Gbit/s. In the context of passive monitoring, we leverage the FPGA architecture to implement algorithms
able to thin cyphered traffic as well as removing duplicate packets. These two algorithms
straightforward in principle, but very useful to help traditional network analysis tools to
cope with their task at higher network speeds. On one hand, processing cyphered traffic
bring little benefits, on the other hand, processing duplicate traffic impacts negatively in
the performance of the software tools.
In the second part of the thesis, devoted to the TCP/IP stack. We explore the current
limitations of reliable data transmission using standard software at very high-speed.
Nowadays, the network is becoming an important bottleneck to fulfill current needs, in
particular in data centers. What is more, in recent years the deployment of 100 Gbit/s
network links has started. Consequently, there has been an increase scrutiny of how
networking functionality is deployed, furthermore, a wide range of approaches are
currently being explored to increase the efficiency of networks and tailor its functionality
to the actual needs of the application at hand. FPGAs arise as the perfect alternative to
deal with this problem. For this reason, in this thesis we develop Limago an FPGA-based
open-source implementation of a TCP/IP stack operating at 100 Gbit/s for Xilinxâs FPGAs.
Limago not only provides an unprecedented throughput, but also, provides a tiny latency
when compared to the software implementations, at least fifteen times. Limago is a key
contribution in some of the hottest topic at the moment, for instance, network-attached
FPGA and in-network data processing
Level Zero Trigger Processor for the NA62 experiment
The NA62 experiment is designed to measure the ultra-rare decay branching ratio with a precision of at the CERN Super Proton Synchrotron (SPS). The trigger system of NA62
consists in three different levels designed to select events of physics
interest in a high beam rate environment. The L0 Trigger Processor (L0TP) is
the lowest level system of the trigger chain. It is hardware implemented using
programmable logic. The architecture of the NA62 L0TP system is a new approach
compared to existing systems used in high-energy physics experiments. It is
fully digital, based on a standard gigabit Ethernet communication between
detectors and the L0TP Board. The L0TP Board is a commercial development board,
mounting a programmable logic device (FPGA). The primitives generated by
sub-detectors are sent asynchronously using the UDP protocol to the L0TP during
the entire beam spill period. The L0TP realigns in time the primitives coming
from seven different sources and performs a data selection based on the
characteristics of the event such as energy, multiplicity and topology of hits
in the sub-detectors. It guarantees a maximum latency of 1 ms. The maximum
input rate is about 10 MHz for each sub-detector, while the design maximum
output trigger rate is 1 MHz. A description of the trigger algorithm is
presented here.Comment: 15 page
Toward Ubiquitous Real-Time Radio Propagation Modeling: The Exploitation of Cyber Resources, GPU and Fast and Accurate EM Algorithms
Radio propagation modeling and prediction play an important role in the understanding of electromagnetic (EM) wave propagation in complex environments, as well as in the design of wireless communications and radar systems
Recommended from our members
Great Plains Network - Kansas State University Agronomy Application Deep Dive
In May 2019, staff members from the Engagement and Performance Operations Center (EPOC) and members of the Great Plains Network (GPN) attending their Annual Meeting meeting met with researchers at Kansas State University (KSU) for the purpose of an Application Deep Dive training session. The goal of this training session was to help characterize the requirements for an agronomy application, to enable cyberinfrastructure support staff to better understand the needs of the researchers they support, and to offer training to GPN members to be able to conduct these on their own. Material for this event includes both the written documentation from the agronomy application at KSU, details about the infrastructure setup at KSU, and also a writeup of the discussion that took place in person on May 20, 2019.
EPOC, GPN, and KSU recorded a set of action items for this use case, continuing the ongoing support and collaboration. These are a reflection of the case study report, and in person discussion
- âŠ