Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated Probe
Paweł Szumełda1  Mariusz Rawski1  Mateusz Korona1  Artur Janicki1 
[1] Faculty of Electronics and Information Technology, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, Poland;
关键词: traffic analysis;    network probe;    hash function;    SHA-3;    FPGA;   
DOI  :  10.3390/electronics11111688
来源: DOAJ
【 摘 要 】

In this article we address the problem of efficient and secure monitoring of computer network traffic. We proposed, implemented, and tested a hardware-accelerated implementation of a network probe, using the DE5-Net FPGA development platform. We showed that even when using a cryptographic SHA-3 hash function, the probe uses less than 17% of the available FPGA resources, offering a throughput of over 20 Gbit/s. We have also researched the problem of choosing an optimal hash function to be used in a network probe for addressing network flows in a flow cache. In our work we compared five 32-bit hash functions, including two cryptographic ones: SHA-1 and SHA-3. We ran a series of experiments with various hash functions, using traffic replayed from the CICIDS 2017 dataset. We showed that SHA-1 and SHA-3 provide flow distributions as uniform as the ones offered by the modified Vermont hash function proposed in 2008 (i.e., with low means and standard deviations of the bucket occupation), yet assuring higher security against potential attacks on a network probe.

【 授权许可】


  下载次数:0次 浏览次数:1次