Hardware Acceleration of Network Intrusion Detection System Using FPGA

This thesis presents new algorithms and hardware designs for Signature-based Network Intrusion Detection System (SB-NIDS) optimisation exploiting a hybrid hardwaresoftware co-designed embedded processing platform. The work describe concentrates on optimisation of a complete SB-NIDS Snort application software on a FPGA based hardware-software target rather than on the implementation of a single functional unit for hardware acceleration. Pattern Matching Hardware Accelerator (PMHA) based on Bloom filter was designed to optimise SB-NIDS performance for execution on a Xilinx MicroBlaze soft-core processor. The Bloom filter approach enables the potentially large number of network intrusion attack patterns to be efficiently represented and searched primarily using accesses to FPGA on-chip memory. The thesis demonstrates, the viability of hybrid hardware-software co-designed approach for SB-NIDS. Future work is required to investigate the effects of later generation FPGA technology and multi-core processors in order to clearly prove the benefits over conventional processor platforms for SB-NIDS. The strengths and weaknesses of the hardware accelerators and algorithms are analysed, and experimental results are examined to determine the effectiveness of the implementation. Experimental results confirm that the PMHA is capable of performing network packet analysis for gigabit rate network traffic. Experimental test results indicate that our SB-NIDS prototype implementation on relatively low clock rate embedded processing platform performance is approximately 1.7 times better than Snort executing on a general purpose processor on PC when comparing processor cycles rather than wall clock time

Network Traffic Anomaly-Detection Framework Using GPUs

Network security has been very crucial for the software industry. Deep packet inspection (DPI) is one of the widely used approaches in enforcing network security. Due to the high volume of network traffic, it is challenging to achieve high performance for DPI in real time. In this thesis, a new DPI framework is presented that accelerates packet header checking and payload inspection on graphics processing units (GPUs). Various optimizations were applied to GPU-version packet inspection, such as thread-level and block-level packet assignment, warp divergence elimination, and memory transfer optimization using pinned memory and shared memory. The performance of the pattern-matching algorithms used for DPI was analyzed by using an assorted set of characteristics such as pipeline stalls, shared memory efficiency, warp efficiency, issue slot utilization, and cache hits. The extensive characterization of the algorithms on the GPU architecture and the performance comparison among parallel pattern-matching algorithms on both the GPU and the CPU are the unique contributions of this thesis. Among the GPU-version algorithms, the Aho-Corasick algorithm and the Wu-Manber algorithm outperformed the Rabin-Karp algorithm because the Aho-Corasick and the Wu-Manber algorithms were executed only once for multiple signatures by using the tables generated before the searching phase was begun. According to my evaluation on a NVIDIA K80 GPU, the GPU-accelerated packet processing achieved at least 60 times better performance than CPU-version processing

The UTMOST Survey for Magnetars, Intermittent pulsars, RRATs and FRBs I: System description and overview

We describe the ongoing `Survey for Magnetars, Intermittent pulsars, Rotating radio transients and Fast radio bursts' (SMIRF), performed using the newly refurbished UTMOST telescope. SMIRF repeatedly sweeps the southern Galactic plane performing real-time periodicity and single-pulse searches, and is the first survey of its kind carried out with an interferometer. SMIRF is facilitated by a robotic scheduler which is capable of fully autonomous commensal operations. We report on the SMIRF observational parameters, the data analysis methods, the survey's sensitivities to pulsars, techniques to mitigate radio frequency interference and present some early survey results. UTMOST's wide field of view permits a full sweep of the Galactic plane to be performed every fortnight, two orders of magnitude faster than previous surveys. In the six months of operations from January to June 2018, we have performed $\sim 10$ sweeps of the Galactic plane with SMIRF. Notable blind re-detections include the magnetar PSR J1622$-$4950, the RRAT PSR J0941$-$3942 and the eclipsing pulsar PSR J1748$-$2446A. We also report the discovery of a new pulsar, PSR J1705$-$54. Our follow-up of this pulsar with the UTMOST and Parkes telescopes at an average flux limit of $\leq 20$ mJy and $\leq 0.16$ mJy respectively, categorizes this as an intermittent pulsar with a high nulling fraction of $< 0.002$Comment: Submitted to MNRAS, comments welcom

On the Exploration of FPGAs and High-Level Synthesis Capabilities on Multi-Gigabit-per-Second Networks

Tesis doctoral inédita leída en la Universidad Autónoma de Madrid, Escuela Politécnica Superior, Departamento de Tecnología Electrónica y de las Comunicaciones. Fecha de lectura: 24-01-2020Traffic on computer networks has faced an exponential grown in recent years. Both links and communication equipment had to adapt in order to provide a minimum quality of service required for current needs. However, in recent years, a few factors have prevented commercial off-the-shelf hardware from being able to keep pace with this growth rate, consequently, some software tools are struggling to fulfill their tasks, especially at speeds higher than 10 Gbit/s. For this reason, Field Programmable Gate Arrays (FPGAs) have arisen as an alternative to address the most demanding tasks without the need to design an application specific integrated circuit, this is in part to their flexibility and programmability in the field. Needless to say, developing for FPGAs is well-known to be complex. Therefore, in this thesis we tackle the use of FPGAs and High-Level Synthesis (HLS) languages in the context of computer networks. We focus on the use of FPGA both in computer network monitoring application and reliable data transmission at very high-speed. On the other hand, we intend to shed light on the use of high level synthesis languages and boost FPGA applicability in the context of computer networks so as to reduce development time and design complexity. In the first part of the thesis, devoted to computer network monitoring. We take advantage of the FPGA determinism in order to implement active monitoring probes, which consist on sending a train of packets which is later used to obtain network parameters. In this case, the determinism is key to reduce the uncertainty of the measurements. The results of our experiments show that the FPGA implementations are much more accurate and more precise than the software counterpart. At the same time, the FPGA implementation is scalable in terms of network speed — 1, 10 and 100 Gbit/s. In the context of passive monitoring, we leverage the FPGA architecture to implement algorithms able to thin cyphered traffic as well as removing duplicate packets. These two algorithms straightforward in principle, but very useful to help traditional network analysis tools to cope with their task at higher network speeds. On one hand, processing cyphered traffic bring little benefits, on the other hand, processing duplicate traffic impacts negatively in the performance of the software tools. In the second part of the thesis, devoted to the TCP/IP stack. We explore the current limitations of reliable data transmission using standard software at very high-speed. Nowadays, the network is becoming an important bottleneck to fulfill current needs, in particular in data centers. What is more, in recent years the deployment of 100 Gbit/s network links has started. Consequently, there has been an increase scrutiny of how networking functionality is deployed, furthermore, a wide range of approaches are currently being explored to increase the efficiency of networks and tailor its functionality to the actual needs of the application at hand. FPGAs arise as the perfect alternative to deal with this problem. For this reason, in this thesis we develop Limago an FPGA-based open-source implementation of a TCP/IP stack operating at 100 Gbit/s for Xilinx’s FPGAs. Limago not only provides an unprecedented throughput, but also, provides a tiny latency when compared to the software implementations, at least fifteen times. Limago is a key contribution in some of the hottest topic at the moment, for instance, network-attached FPGA and in-network data processing

Level Zero Trigger Processor for the NA62 experiment

The NA62 experiment is designed to measure the ultra-rare decay $K^+ \rightarrow \pi^+ \nu \bar{\nu}$ branching ratio with a precision of $\sim 10\%$ at the CERN Super Proton Synchrotron (SPS). The trigger system of NA62 consists in three different levels designed to select events of physics interest in a high beam rate environment. The L0 Trigger Processor (L0TP) is the lowest level system of the trigger chain. It is hardware implemented using programmable logic. The architecture of the NA62 L0TP system is a new approach compared to existing systems used in high-energy physics experiments. It is fully digital, based on a standard gigabit Ethernet communication between detectors and the L0TP Board. The L0TP Board is a commercial development board, mounting a programmable logic device (FPGA). The primitives generated by sub-detectors are sent asynchronously using the UDP protocol to the L0TP during the entire beam spill period. The L0TP realigns in time the primitives coming from seven different sources and performs a data selection based on the characteristics of the event such as energy, multiplicity and topology of hits in the sub-detectors. It guarantees a maximum latency of 1 ms. The maximum input rate is about 10 MHz for each sub-detector, while the design maximum output trigger rate is 1 MHz. A description of the trigger algorithm is presented here.Comment: 15 page

Toward Ubiquitous Real-Time Radio Propagation Modeling: The Exploitation of Cyber Resources, GPU and Fast and Accurate EM Algorithms

Radio propagation modeling and prediction play an important role in the understanding of electromagnetic (EM) wave propagation in complex environments, as well as in the design of wireless communications and radar systems

Great Plains Network - Kansas State University Agronomy Application Deep Dive

In May 2019, staff members from the Engagement and Performance Operations Center (EPOC) and members of the Great Plains Network (GPN) attending their Annual Meeting meeting met with researchers at Kansas State University (KSU) for the purpose of an Application Deep Dive training session. The goal of this training session was to help characterize the requirements for an agronomy application, to enable cyberinfrastructure support staff to better understand the needs of the researchers they support, and to offer training to GPN members to be able to conduct these on their own. Material for this event includes both the written documentation from the agronomy application at KSU, details about the infrastructure setup at KSU, and also a writeup of the discussion that took place in person on May 20, 2019. EPOC, GPN, and KSU recorded a set of action items for this use case, continuing the ongoing support and collaboration. These are a reflection of the case study report, and in person discussion