Sujayyendhiren RS, Kaiqi Xiong and Minseok Kwon Rochester Institute of Technology Motivation Experimental Setup in ProtoGENI Conclusions and Future Work.

Presentation transcript:

OpenBIDS: An OpenFlow-enabled Network Intrusion Detection System Using Bloom Filters

Abstract
OpenBIDS uses OpenFlow and Bloom filters to provide a high-performance online Network Intrusion Detection System (NIDS). The Bloom filter resides in the data plane and performs multiple-pattern matching, while OpenFlow provides a robust, efficient and modular framework for filtering and configuration in the data plane.

Motivation
Increasing network bandwidth and growing security threats call for an NIDS with both high accuracy and high throughput. OpenBIDS is an attempt to augment OpenFlow, a robust Software Defined Networking (SDN) framework, with data plane rule configuration and packet filtering.

OpenBIDS Architecture

Components of OpenBIDS
Control plane: The control plane receives, parses, and stores configuration information about the signatures received from the controller; it acts as the interface between the controller and the data plane. The signature-specific information is stored in a hash table.
Netlink interface: Data is transferred between user space and kernel space via Netlink sockets.
Data plane: The data plane receives signature information from the control plane and inserts it into the Bloom filter. The lookup against the filter is hooked into the OpenFlow data plane.
Controller: The controller sends configuration information to the user space module. The user space module parses and stores the signatures and related information, and forwards the signature information to the filter.
Bloom filter: This data structure is used for high-speed membership queries. It is lightweight and supports rapid lookup at the cost of some false positives. The size of the Bloom filter is independent of string length, which makes the filter a good candidate for implementation in fast on-chip memory. The filter computes k hash values for each signature and sets the corresponding bits in an m-bit memory. We use k = 8 and m = 102,400.

Experimental Setup in ProtoGENI
The experimental setup comprises 4 PCs. PC-1 runs the OpenFlow controller and the OpenBIDS rule configuration files. The PC placed at the center runs the OVS kernel module (openvswitch.ko) with the Bloom filter hook as the OpenBIDS data plane; the OpenBIDS control plane resides in user space on this machine. PC-2 is the source that produces data plane packets for OpenBIDS, and all data plane packets are destined to PC-0. Common packet generators can be used at PC-2 and PC-0 to analyze parameters such as delay and jitter. We used plaintext data packets obtained from [source omitted in the transcript]. The packets are on the order of a thousand bits long and contain security-related content. The filter size used for the experiment is 102,400 bits. About 25 common signatures/strings were populated, with lengths ranging from 4 to 20 bytes.

Experimental Results
The results show the time taken by the Bloom filter lookup in OpenBIDS, including metadata construction. Lookup time increases in proportion to the data size. The first figure shows the results when signature length ranges from 5 to 25 bytes; the second one when signature length ranges from 5 to 65 bytes. Results were obtained by populating signatures with lengths ranging from 5 bytes up to the maximum signature length given in the table above; a 1000-byte data packet was analyzed each time. There is a linear increase in processing time as signature length increases.

Conclusions and Future Work
OpenBIDS is modular and its data plane is lightweight, so it can be easily integrated into a variety of networks, including SDN. Speed can be increased further by using a parallel Bloom filter. OpenBIDS may well be extended to dynamically learn and analyze network traffic, and thus add rules to eradicate the learned threats.