Files in this item

File: Albrecht_David.pdf (346kB)
Description: (no description provided)
Format: PDF (application/pdf)

Description

Title: High Performance Network Intrusion Detection: A New Paradigm is Needed
Author(s): Albrecht, David R.
Advisor(s): Borisov, Nikita
Contributor(s): Borisov, Nikita
Department / Program: Electrical & Computer Eng
Discipline: Electrical & Computer Engr
Degree Granting Institution: University of Illinois at Urbana-Champaign
Degree: M.S.
Genre: Thesis
Subject(s): intrusion detection, computer architecture, multicore, stream processing, click, bro, vespa, parallelism
Abstract: Fast data rates and complicated protocols have outpaced network intrusion detection systems. Administrators are forced to choose between breadth and depth: systems either deeply analyze traffic for a small handful of vulnerabilities, or search for many in parallel using more primitive (and easily evadable) techniques. We present a new parser architecture called VESPA, which uses the concept of vulnerability signatures to offer both speed and accuracy. VESPA is informed by a study of network protocols, which precedes the design. We conclude by reviewing several trends in computer architecture, and their impact on future intrusion detection systems. We believe a system which offers both speed and accuracy is possible, but requires rethinking how network intrusion detectors are designed, in light of trends in computer architecture.
Issue Date: 2010-01-06
URI: http://hdl.handle.net/2142/14658
Rights Information: Copyright 2009 David Albrecht.
Date Available in IDEALS: 2010-01-06
Date Deposited: December 2

