Detection and prevention of flood-based DDoS attacks by using FPGA-based equipment

Dr. Varga Pál
Department of Telecommunications and Media Informatics

Defending networks from malicious actors becomes harder every year. Hackers are finding more massive and more elaborate ways to attack content providers. Security experts have to constantly upgrade and develop their solutions to combat these threats.

The question remains how one can defend systems against the next generation of DDoS (Distributed Denial of Service) attacks, and what kind of devices would be most efficient for this purpose. We have to adapt our techniques and tools to battle the ever-changing threats. In my thesis, I show the latest trends in this field and try to provide a solution to them. The main purpose of my paper is to present the hardware-based IDS (intrusion detection system) I designed and implemented.

Introducing FPGA (Field Programmable Gate Array) hardware into a mostly software-oriented process opens up a new set of opportunities. FPGA hardware enables high-speed parallel processing, which can increase the complexity and speed of the detection process. The FPGA-based system can detect certain DDoS attacks in a fraction of the time that a purely software-based system would need.

A further purpose of my thesis is to describe how one can develop firmware for a high-speed FPGA-based packet processing system that can detect the most common and most hazardous attacks. As a case study, the paper proves the concept's ability to detect and shut down (D)DoS attacks of different types and complexity. Although this thesis does not provide engineering solutions for all attack types, it targets the majority of attacks. It presents a flexible, extensible system with solutions for the most common attacks, and a guide to designing modules for other types of attacks. The validation process includes the use of traffic patterns recorded during multiple attacks against NIIFI (the Hungarian National Information Infrastructure) and the use of some of the most popular attack tools designed to bring down servers. The hardware's data processing ability provides a high-resolution image of the switching system, which can be used to support the decision making of SDN (Software Defined Networking) controllers.

