Scalable Programmable Appliance-based Network Intrusion Detection Architecture
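Basic information
- Award number: 0231535
- Principal investigator:
- Amount: $400,000
- Host institution:
- Host institution country: United States
- Project type: Standard Grant
- Fiscal year: 2003
- Funding country: United States
- Period: 2003-01-01 to 2006-12-31
- Project status: Completed
- Source:
- Keywords:
Project abstract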
Network Intrusion Detection Systems (IDS) are one of several tools used by security professionals to detect and respond to security breaches. Typically an IDS is implemented by tapping a network and diverting a copy of every network message to a sensor. Usually, the sensor is a general-purpose computer running software that examines every packet that it receives. This approach to IDS is easy to implement as it relies on off-the-shelf hardware and software. However, the overhead incurred by the general-purpose operating system and the limited I/O throughput of most PC and workstation architectures restrict such IDS to low and medium bandwidth networks. Special-purpose IDS platforms, on the other hand, can be optimized to handle high-bandwidth traffic, but the lack of flexibility and the high cost of custom hardware and software make this approach not viable in practice.
Recently, parallel and distributed IDS architectures have appeared that operate on high-bandwidth traffic by distributing network packets over a number of general-purpose machines. This approach combines the flexibility of off-the-shelf hardware and software with the high performance of parallel processing. A systematic study of the scalability of this approach, as well as an analysis of suitable packet distribution strategies, has not been done. Such clustered architectures also pay a potential penalty in space and power: they are essentially a set of complete computer systems that occupy shelf or rack space, consume power, and require time-consuming management and configuration.
The goal of this project is to develop a scalable parallel appliance-based architecture for network intrusion detection systems that is able to reliably monitor high-bandwidth network segments, yet is cost-efficient and retains the flexibility of general-purpose based IDS. High performance is achieved by distributing network traffic among an array of low-cost sensors in a way that does not impact the quality of intrusion detection, while maximizing the available concurrency and minimizing required communication among sensors. Utilizing off-the-shelf single-board computers leads to an inexpensive and compact design that requires less power than a comparable number of complete workstations or PCs.
The key component of a parallel intrusion detection platform architecture is the approach by which network packets are distributed across the sensors. As a result, the system design will be guided by a systematic analysis of network traffic characteristics, which will provide input into high-level models and simulations. To verify and evaluate the performance and scalability of the resulting architecture, a prototype system will be implemented based primarily on low-cost off-the-shelf hardware and software. By addressing IDS issues using off-the-shelf components, a product to assist in dealing with security breaches may be quickly developed. This could have a large, immediate impact on an important network topic.
Project outputs
Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Other publications by Aaron Striegel
LTE and WiFi: Experiences with Quality and Consumption
- DOI: 10.1016/j.procs.2014.07.048
- Published: 2014-01-01
- Journal:
- Impact factor:
- Authors: Aaron Striegel; Shu Liu; Xueheng Hu; Lei Meng
- Corresponding author: Lei Meng
Other grants by Aaron Striegel
Collaborative Research: FW-HTF-RM: Intelligent Facilitation for Teams of the Future via Longitudinal Sensing in Context
- Award number: 1928645
- Fiscal year: 2019
- Funding amount: $400,000
- Project type: Standard Grant
NeTS: Small: Leveraging Opportunistic Pushing for CDNs and Mobile Devices
- Award number: 1718400
- Fiscal year: 2017
- Funding amount: $400,000
- Project type: Standard Grant
NeTS: Small: Lightweight, Accurate Network Estimation at the Wireless Edge
- Award number: 1718405
- Fiscal year: 2017
- Funding amount: $400,000
- Project type: Standard Grant
EAGER: NeTS: Pilot Studies on Proximity for Taming the Wireless Data Tsunami
- Award number: 1500004
- Fiscal year: 2015
- Funding amount: $400,000
- Project type: Standard Grant
SoCS: Explorations on the Effects of Pervasive Networking on Social Relationships and Resource Planning
- Award number: 0968529
- Fiscal year: 2010
- Funding amount: $400,000
- Project type: Standard Grant
Curriculum and Laboratory Development Through 3-D Interfacing via the Nintendo Wiimote
- Award number: 0942067
- Fiscal year: 2010
- Funding amount: $400,000
- Project type: Standard Grant
TC:Small: A Formal Inter-Disciplinary Study of the Impact of Security Awareness Efforts on User Behavior
- Award number: 0915775
- Fiscal year: 2009
- Funding amount: $400,000
- Project type: Continuing Grant
SCI/SGER: GRIM Core Framework Development
- Award number: 0412633
- Fiscal year: 2004
- Funding amount: $400,000
- Project type: Standard Grant
CAREER: Transparent Bandwidth Conservation Techniques
- Award number: 0347392
- Fiscal year: 2004
- Funding amount: $400,000
- Project type: Continuing Grant
Similar overseas grants
DREAM Sentinels: Multiplexable and programmable cell-free ADAR-mediated RNA sensing platform (cfRADAR) for quick and scalable response to emergent viral threats
- Award number: 2319913
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Standard Grant
Nonlocal Elastic Metamaterials: Leveraging Intentional Nonlocality to Design Programmable Structures
- Award number: 2330957
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Standard Grant
Development of programmable nanomachines towards the enzymatic synthesis of peptide oligonucleotide conjugates
- Award number: EP/X019624/1
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Fellowship
Gecko Inspired Autonomous Fabrication Of Programmable Two-dimensional Quantum Materials
- Award number: EP/Y026284/1
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Research Grant
NSF Convergence Accelerator Track M: Enabling novel photonic neuromorphic devices through bridging DNA-programmable assembly and nanofabrication
- Award number: 2344415
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Standard Grant
CC*Integration-Large: Programmable Network Testbed for 400 Gbps Science DMZ
- Award number: 2346605
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Standard Grant
CRII: AF: Reconfiguration Algorithms for Programmable Matter
- Award number: 2348067
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Standard Grant
OAC Core: Enhancing Network Security by Implementing an ML Malware Detection and Classification Scheme in P4 Programmable Data Planes and SmartNICs
- Award number: 2403360
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Standard Grant
CAREER: Developing Ultrasound-Programmable 3D-Printed Biomaterials for Spatiotemporal Control of Gene Delivery
- Award number: 2339254
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Continuing Grant
Programmable Ferroelectric Nanoelectronics for In-memory Computing
- Award number: DP240102137
- Fiscal year: 2024
- Funding amount: $400,000
- Project type: Discovery Projects