Rethinking hardware support for network analysis and intrusion prevention

Authors:
V. Paxson;K. Asanović;S. Dharmapurikar;J. Lockwood;R. Pang;R. Sommer;N. Weaver
Affiliations:
International Computer Science Institute;Massachusetts Institute of Technology;Nuova Systems;Washington University;Princeton University;International Computer Science Institute;International Computer Science Institute
Venue:
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Year:
2006

Citing 0
Cited 12

binpac: a yacc for writing application protocol parsers

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
DPICO: a high speed deep packet inspection engine using compact finite automata

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
A programmable architecture for scalable and real-time network traffic measurements

Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Performance Improvement by Means of Collaboration between Network Intrusion Detection Systems

CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Thwarting zero-day polymorphic worms with network-level length-based signature generation

IEEE/ACM Transactions on Networking (TON)
OpenGate: Towards an open network services gateway

Computer Communications
MIDeA: a multi-parallel intrusion detection architecture

Proceedings of the 18th ACM conference on Computer and communications security
Intrusion Detection: Towards scalable intrusion detection

Network Security
Deep packet inspection tools and techniques in commodity platforms: Challenges and trends

Journal of Network and Computer Applications
A decentralized clustering scheme for transparent mode devices

Cluster Computing
The Impact of the Mode of Data Representation for the Result Quality of the Detection and Filtering of Spam

International Journal of Information Retrieval Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

The performance pressures on implementing effective network security monitoring are growing fiercely due to rising traffic rates, the need to perform much more sophisticated forms of analysis, the requirement for inline processing, and the collapse of Moore's law for sequential processing. Given these growing pressures, we argue that it is time to fundamentally rethink the nature of using hardware to support network security analysis. Clearly, to do so we must leverage massively parallel computing elements, as only these can provide the necessary performance. The key, however, is to devise an abstraction of parallel processing that will allow us to expose the parallelism latent in semantically rich, stateful analysis algorithms; and that we can then further compile to hardware platforms with different capabilities.