1,120 research outputs found

    CAREER: adaptive intrusion detection systems

    Issued as final report. National Science Foundation (U.S.

    Analysis of e-mail attachment signatures for potential use by intrusion detection systems

    Today, an Intrusion Detection System (IDS) is almost a necessity. The effectiveness of an IDS depends on the number of parameters it can monitor to report malicious activity. Current Intrusion Detection Systems monitor packet headers only. This thesis investigates the possibility of monitoring network packet data as one of the parameters for IDS. This is done by finding a pattern in each type of payload. This pattern might then be related to the application to which it belongs. Based on this pattern, an attempt is made to determine if there is a difference in packets generated by different applications. This investigation limits the classification to packets generated by E-mail attachments. Frequency of characters in packet data is used to generate a pattern. This frequency is limited to Base64 alphabets. Based on these patterns, certain E-mail attachments can be related to the source type of the attached file

    Adversarial Deep Learning and Security with a Hardware Perspective

    Adversarial deep learning is the field of study which analyzes deep learning in the presence of adversarial entities. This entails understanding the capabilities, objectives, and attack scenarios available to the adversary to develop defensive mechanisms and avenues of robustness available to the benign parties. Understanding this facet of deep learning helps us improve the safety of the deep learning systems against external threats from adversaries. However, of equal importance, this perspective also helps the industry understand and respond to critical failures in the technology. The expectation of future success has driven significant interest in developing this technology broadly. Adversarial deep learning stands as a balancing force to ensure these developments remain grounded in the real-world and proceed along a responsible trajectory. Recently, the growth of deep learning has begun intersecting with the computer hardware domain to improve performance and efficiency for resource constrained application domains. The works investigated in this dissertation constitute our pioneering efforts in migrating adversarial deep learning into the hardware domain alongside its parent field of research

    All-optical header processing in a 42.6Gb/s optoelectronic firewall

    A novel architecture to enable future network security systems to provide effective protection in the context of continued traffic growth and the need to minimise energy consumption is proposed. It makes use of an all-optical pre-filtering stage operating at the line rate under software control to distribute incoming packets to specialised electronic processors. An experimental system that integrates software controls and electronic interfaces with an all-optical pattern recognition system has demonstrated the key functions required by the new architecture. As an example, the ability to sort packets arriving in a 42.6Gb/s data stream according to their service type was shown experimentally

    A FRAMEWORK FOR PERFORMANCE EVALUATION OF ASIPS IN NETWORK-BASED IDS

    Nowadays, efficient usage of high-tech security tools and appliances is considered an important criterion for improving the security of computer networks. Based on this assumption, Intrusion Detection and Prevention Systems (IDPS) have a key role in applying the defense-in-depth strategy. In this situation, with network bandwidth increasing along with the number of threats, network-based IDPSes face a performance challenge in processing huge volumes of network traffic. A general solution to this bottleneck is the exploitation of efficient hardware architectures to improve IDPS performance. In this paper, a framework for the analysis and performance evaluation of application-specific instruction set processors is presented for use in attack detection in Network-based Intrusion Detection Systems (NIDS). By running this framework as a security application on V85