Towards HardLANs: Building Network Intrusion Detection to 1 Gbps and beyond

  • Nicholas Weaver | International Computer Science Institute, Berkeley

With the advent of worms, passive malcode, and sophisticated attackers, the “Big Firewall” model of security has failed. To build robust commercial networks in the future, security will need to move into the LAN infrastructure. The LAN vantage point requires a nearly two-order-of-magnitude cost/performance improvement over conventional network intrusion detection and response.

In this talk, I introduce the rationale for LAN-centric defences and the difficulties of building defences for these targets. I will then discuss our work on Shunting, a technique which enables the Bro intrusion detection system to operate at Gigabit line rate with the addition of a small piece of hardware support. The small hardware component lets Bro decide, on a connection-by-connection basis, whether a connection requires further analysis. We have completed and verified the software API, and are currently implementing the hardware on the NetFPGA2 platform.
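To make the per-connection decision concrete, here is an added simulation (not code from the talk, from Bro, or from the NetFPGA2 implementation) of a shunt table: the fast path looks up each packet's connection in a small table and either forwards it, drops it, or hands it to the analyser, and the analyser installs forward or drop rules for connections it has finished judging. The table layout, the default action for unknown connections, the "first N packets" policy, the `EVIL` marker and the sample traffic are all assumptions constructed for this example.

```python
from collections import namedtuple

# Constructed packet record; only the fields a shunt table needs.
Packet = namedtuple("Packet", "src dst sport dport proto payload")

FORWARD, DROP, ANALYZE = "forward", "drop", "analyze"


def flow_key(pkt):
    """Direction-independent connection key, so both halves of a TCP
    conversation hit the same table entry."""
    a = (pkt.src, pkt.sport)
    b = (pkt.dst, pkt.dport)
    lo, hi = (a, b) if a <= b else (b, a)
    return (lo, hi, pkt.proto)


class ShuntTable:
    """Hypothetical model of the hardware fast path: an exact-match table
    from connection key to action. Unknown connections take the default,
    which here is to send the packet to the analyser (assumption)."""

    def __init__(self, default=ANALYZE):
        self.default = default
        self.rules = {}

    def lookup(self, pkt):
        return self.rules.get(flow_key(pkt), self.default)

    def set_action(self, pkt, action):
        self.rules[flow_key(pkt)] = action


class ToyAnalyzer:
    """Stand-in for the IDS slow path (hypothetical policy, not Bro's):
    inspect the first PREFIX_PKTS packets of a connection; if none carries
    a banned marker, shunt the remainder to hardware forwarding; if one
    does, install a hardware drop rule for the connection."""

    PREFIX_PKTS = 3
    BANNED = (b"EVIL",)  # constructed marker standing in for a real signature

    def __init__(self, table):
        self.table = table
        self.seen = {}

    def inspect(self, pkt):
        key = flow_key(pkt)
        if any(marker in pkt.payload for marker in self.BANNED):
            self.table.set_action(pkt, DROP)
            return DROP
        self.seen[key] = self.seen.get(key, 0) + 1
        if self.seen[key] >= self.PREFIX_PKTS:
            # Connection judged benign: later packets bypass the analyser.
            self.table.set_action(pkt, FORWARD)
        return FORWARD


def run(packets, table=None, analyzer=None):
    """Push packets through the fast path and count where each one ended up."""
    table = table if table is not None else ShuntTable()
    analyzer = analyzer if analyzer is not None else ToyAnalyzer(table)
    counts = {"hw_forward": 0, "hw_drop": 0, "analyzed": 0, "ids_drop": 0}
    for pkt in packets:
        action = table.lookup(pkt)
        if action == FORWARD:
            counts["hw_forward"] += 1
        elif action == DROP:
            counts["hw_drop"] += 1
        else:
            counts["analyzed"] += 1
            if analyzer.inspect(pkt) == DROP:
                counts["ids_drop"] += 1
    return counts


def sample_packets():
    """Constructed traffic: a benign 6-packet connection, then a 4-packet
    connection whose second packet carries the banned marker and whose
    last two packets flow in the reverse direction."""
    benign = [Packet("10.0.0.1", "10.0.0.2", 40000, 80, "tcp", b"GET / %d" % i)
              for i in range(6)]
    bad = [Packet("10.0.0.3", "10.0.0.2", 40001, 80, "tcp", b"hello"),
           Packet("10.0.0.3", "10.0.0.2", 40001, 80, "tcp", b"EVIL"),
           Packet("10.0.0.2", "10.0.0.3", 80, 40001, "tcp", b"reply"),
           Packet("10.0.0.2", "10.0.0.3", 80, 40001, "tcp", b"reply")]
    return benign + bad


if __name__ == "__main__":
    print(run(sample_packets()))
```

Of the ten sample packets, only five reach the analyser; the rest are handled by the table, which is the cost/performance lever the talk describes: the slow path sees the start of every connection, and the fast path carries the bulk of the bytes once a decision has been made.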

(Work in collaboration with Vern Paxson and Jose Maria Gonzalez)

Speaker Details

Nicholas Weaver is a recent Ph.D. from the University of California at Berkeley, and is now a researcher at the International Computer Science Institute in Berkeley. His research interests involve FPGA (Field Programmable Gate Arrays) and computer security. His security work has focused on the threat of high-speed worms and other Internet-scale attacks, and automatic, network level defenses to counter these threats.
