High Performance Network Intrusion Detection: A New Paradigm is Needed
Albrecht, David R.
Permalink
https://hdl.handle.net/2142/14658
Description
Title
High Performance Network Intrusion Detection: A New Paradigm is Needed
Author(s)
Albrecht, David R.
Issue Date
2010-01-06T16:20:41Z
Director of Research (if dissertation) or Advisor (if thesis)
Borisov, Nikita
Doctoral Committee Chair(s)
Borisov, Nikita
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
intrusion detection
computer architecture
multicore
stream processing
click
bro
vespa
parallelism
Abstract
Fast data rates and complicated protocols have outpaced network intrusion detection systems. Administrators are forced to choose between breadth and depth: systems either deeply analyze traffic for a small handful of vulnerabilities, or search for many in parallel using more primitive (and easily evadable) techniques. We present a new parser architecture called VESPA, which uses the concept of vulnerability signatures to offer both speed and accuracy. VESPA is informed by a study of network protocols, which precedes the design. We conclude by reviewing several trends in computer architecture, and their impact on future intrusion detection systems. We believe a system which offers both speed and accuracy is possible, but requires rethinking how network intrusion detectors are designed, in light of trends in computer architecture.