The paper introduces a topology mutation – the novel concept in Moving Target Defense (MTD). MTD is a new technique that represents a significant shift in cyber defense. Traditional cybersecurity techniques have primarily focused on the passive defense of static networks only. In MTD approach cyber attackers are confused by making the attack surface dynamic, and thus harder to probe and infiltrate. The emergence of Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technology has opened up new possibilities in network architecture management. The application of combined NFV and SDN technologies provides a unique platform for implementing MTD techniques for securing the network infrastructure by morphing the logical view of the network topology.
Abstract Distributed arithmetic is well known technique of designing FIR filters in FPGA devices. The quality of such filter implementation strongly depends on synthesis results of the DALUT block. Heterogeneity of modern FPGA structures introduces new possibilities into implementation process, that may lead to better results, but also makes it more complicated. This paper presents the simple mathematical model for estimating the necessary FPGA resources to implement DA-LUT using decomposition-based approach. The model takes into account the type of logic cells or memory blocks used for decomposition process. The proposed model is helpful to determinate the DALUT decomposition strategy for further automation of modified distributed arithmetic decomposition method
In modern digital world, there is a strong demand for efficient data streams processing methods. One of application areas is cybersecurity — IPsec is a suite of protocols that adds security to communication at the IP level. This paper presents principles of high-performance FPGA architecture for data streams processing on example of IPsec gateway implementation. Efficiency of the proposed solution allows to use it in networks with data rates of several Gbit/s.