A Dynamically Reconfigured Multi-FPGA Network Platform for High-Speed Malware Collection

摘要

Malicious software has become a major threat tocomputer users on the Internet today. Security researchersneed to gather and analyze large sample sets to developeffective countermeasures. The setting of honeypots, whichemulate vulnerable applications, is one method to collect attackcode. We have proposed a dedicated hardware architecturefor honeypots which allows both high-speed operation at 10 Gb/s and beyond and offers a high resilience againstattacks on the honeypot infrastructure itself. In this work, werefine the base NetStage architecture for better managementand scalability. Using dynamic partial reconfiguration, we cannow update the functionality of the honeypot during operation. To allow the operation of a larger number of vulnerabilityemulation handlers, the initial single-device architecture is extendedto scalable multichip systems. We describe the technicalaspects of these modifications and show results evaluatingan implementation on a current quad-FPGA reconfigurablecomputing platform.