High Performance Network Intrusion Detection: A New Paradigm is Needed

Albrecht, David R.

Permalink

https://hdl.handle.net/2142/14658 Copy

Description

Title

High Performance Network Intrusion Detection: A New Paradigm is Needed

Author(s)

Albrecht, David R.

Issue Date

2010-01-06T16:20:41Z

Director of Research (if dissertation) or Advisor (if thesis)

Borisov, Nikita

Doctoral Committee Chair(s)

Borisov, Nikita

Department of Study

Electrical & Computer Eng

Discipline

Electrical & Computer Engr

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

M.S.

Degree Level

Thesis

Keyword(s)

• intrusion detection
• computer architecture
• multicore
• stream processing
• click
• bro
• vespa
• parallelism

Abstract

Fast data rates and complicated protocols have outpaced network intrusion detection systems. Administrators are forced to choose between breadth and depth: systems either deeply analyze traffic for a small handful of vulnerabilities, or search for many in parallel using more primitive (and easily evadable) techniques. We present a new parser architecture called VESPA, which uses the concept of vulnerability signatures to offer both speed and accuracy. VESPA is informed by a study of network protocols, which precedes the design. We conclude by reviewing several trends in computer architecture, and their impact on future intrusion detection systems. We believe a system which offers both speed and accuracy is possible, but requires rethinking how network intrusion detectors are designed, in light of trends in computer architecture.

Graduation Semester

2009-12

Permalink

http://hdl.handle.net/2142/14658

Copyright and License Information

Copyright 2009 David Albrecht.

Owning Collections