Abstract: Network intrusion detection systems (NIDS) complement firewalls and other security approaches by analyzing network traffic at the edge of an intranet to detect attacks and unauthorized access. The effectiveness of a NIDS is determined both by the sophistication of the underlying analysis algorithm as well as by the processing speed or capacity. Packet loss due to insufficient processing capabilities results in loss of valuable information, rendering the NIDS ineffective. Increasing network speeds and more complex analysis techniques require packet processing capacities that exceed the performance of existing general-purpose computer systems. The SPANIDS project addresses this bottleneck by developing a scalable, parallel architecture for NIDS platforms.

This talk discusses the performance requirements of network intrusion detection, presents a parallel architecture to address these challenges, and provides an overview of an FPGA-based prototype implementation currently underway.

Short Bio: See speaker's home page for more information