Zhen Chen, Chuang Lin, Jia Ni, Dong-Hua Ruan, Bo Zheng, Yi-Xin Jiang, "AntiWorm NPU-based Parallel Bloom Filters for TCP/IP Content Processing in Giga-Ethernet LAN," 37th Annual IEEE Conference on Local Computer Networks, pp. 748-755, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05), 2005.
DOI: http://doi.ieeecomputersociety.org/10.1109/LCN.2005.31
ISSN: 0742-1303
Publisher: IEEE Computer Society, Los Alamitos, CA, USA
Keywords: Network Security, Worms, Network Processors, TCP/IP Protocol suite, Parallel Bloom Filter, Deep Packet Inspection, Stateful TCP inspection

The TCP/IP protocol suite carries most application data on the Internet. A retrieved TCP flow carries more security-relevant meaning than an individual IP packet payload. Hence, in the AntiWorm system, monitoring the TCP flow is more effective than monitoring only the IP packet payload. The main idea of this paper is to use the flexibility and high performance of Network Processors to scan TCP flows, locate worms' binary code, and cut off their propagation. A stateful TCP flow inspection engine is implemented on the IXP Network Processor and can monitor about 512K flows. Performance data for the IXP Network Processors are collected and evaluated, and an analysis is made for further optimizing system performance. The system is also demonstrated and verified using Internet traces and real worm attacks. The software package TCPScanner 1.0 is also provided as a software release of the research.
