A Dynamically Reconfigured Multi-FPGA Network Platform for High-Speed Malware Collection
Malicious software has become a major threat to computer users on the Internet today. Security researchers need to gather and analyze large sample sets to develop effective countermeasures. The setting of honeypots, which emulate vulnerable applications, is one method to collect attack code. We have...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2012-01-01
|
| Series: | International Journal of Reconfigurable Computing |
| Online Access: | http://dx.doi.org/10.1155/2012/342625 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Malicious software has become a major threat to
computer users on the Internet today. Security researchers
need to gather and analyze large sample sets to develop
effective countermeasures. The setting of honeypots, which
emulate vulnerable applications, is one method to collect attack
code. We have proposed a dedicated hardware architecture
for honeypots which allows both high-speed operation at 10 Gb/s and beyond and offers a high resilience against
attacks on the honeypot infrastructure itself. In this work, we
refine the base NetStage architecture for better management
and scalability. Using dynamic partial reconfiguration, we can
now update the functionality of the honeypot during operation.
To allow the operation of a larger number of vulnerability
emulation handlers, the initial single-device architecture is extended
to scalable multichip systems. We describe the technical
aspects of these modifications and show results evaluating
an implementation on a current quad-FPGA reconfigurable
computing platform. |
|---|---|
| ISSN: | 1687-7195 1687-7209 |