Application of Hardware
Accelerated Extensible Network Nodes for Internet Worm and
Virus Protection
Abstract. Today’s
crucial information networks are vulnerable to fast-moving
attacks by Internet worms and computer viruses. These
attacks have the potential to cripple the Internet and
compromise the integrity of the data on the end-user
machines. Without new types of protection, the Internet
remains susceptible to the assault of increasingly aggressive
attacks. A platform has been implemented that actively
detects and blocks worms and viruses at multi-Gigabit/second
rates. It uses the Field-programmable Port Extender (FPX)
to scan for signatures of malicious software (malware)
carried in packet payloads. Dynamically reconfigurable
Field Programmable Gate Array (FPGA) logic tracks the
state of Internet flows and searches for regular expressions
and fixed strings that appear in the content of packets.
Protection is achieved by the incremental deployment
of systems throughout the Internet.
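
The abstract's point that flow state is tracked while payloads are searched for fixed strings and regular expressions can be shown in software. The sketch below is an added example, not the FPX implementation or the authors' code: it shows why per-flow state matters when a signature straddles two packets. The signatures, the 5-tuple flow key, the `MAX_SIG_LEN` bound, the in-order packet arrival and the names `match` and `FlowScanner` are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed placeholder signatures, not real malware patterns.
FIXED = {"sig-fixed": b"EXAMPLE-WORM-MARKER"}
REGEX = {"sig-regex": re.compile(rb"X-Demo-Payload: [0-9a-f]{8}")}
MAX_SIG_LEN = 64  # assumption: no signature match is longer than this


def match(data):
    """Names of all signatures found in one contiguous byte string."""
    hits = [name for name, s in FIXED.items() if s in data]
    hits += [name for name, r in REGEX.items() if r.search(data)]
    return hits


class FlowScanner:
    """Scans payloads per flow, carrying state from packet to packet."""

    def __init__(self):
        self.tail = defaultdict(bytes)  # flow key -> last bytes already seen
        self.blocked = set()            # flows that produced a hit

    def scan(self, flow, payload):
        """Return matched signature names, or ["blocked"] for a blocked flow."""
        if flow in self.blocked:
            return ["blocked"]
        data = self.tail[flow] + payload
        hits = match(data)
        if hits:
            self.blocked.add(flow)      # drop the rest of this flow
            del self.tail[flow]
        else:
            # Keep enough bytes that a match starting in this packet and
            # ending in the next one is still seen in full.
            self.tail[flow] = data[-(MAX_SIG_LEN - 1):]
        return hits


if __name__ == "__main__":
    flow = ("192.0.2.1", 40000, "198.51.100.2", 80, "tcp")  # constructed 5-tuple
    scanner = FlowScanner()
    for pkt in (b"GET / HTTP/1.1\r\nX: EXAMPLE-WO", b"RM-MARKER\r\n", b"more"):
        print("per-packet:", match(pkt), "per-flow:", scanner.scan(flow, pkt))
```

Scanning each packet in isolation misses the split marker, while the per-flow scanner reports it on the second packet and treats the remainder of that flow as blocked.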
Introduction. Computer
virus and Internet worm attacks are pervasive, aggravating,
and expensive, both in terms of lost productivity and consumption
of network bandwidth. Attacks by Nimda, Code Red, Slammer,
SoBig.F, and MSBlast have infected computers globally, clogged
large computer networks, and degraded corporate productivity
[1]. It can take weeks to months for Information Technology
staff to sanitize infected computers throughout a network
after an outbreak. The direct cost to recover from the ‘Code
Red version two’ worm alone was $2.6 billion.
In much the same way that
a human virus spreads between people who come into contact,
computer viruses and Internet worms spread when computers
communicate electronically. Once a few systems are compromised,
they proceed to infect other machines, which in turn quickly
spread the infection throughout a network [2]. As is the
case with the spread of a contagious disease like SARS, the
number of infected computers will grow exponentially unless
contained. Computer systems spread contagion much more quickly
than humans because they can communicate nearly instantly
over large geographical distances.
“The Blaster worm
infected over 400,000 computers in less than five days. In
fact, about one in three Internet users are infected with
some type of virus or worm every year. The speed at which
worms and viruses can spread is astonishing. What’s
equally astonishing is the lethargic pace at which people
deploy the patches that can prevent infection in the first
place”, Congressman Adam Putnam said recently when
he opened a congressional hearing.