Scaling Network Security Applications


Project Summary

A wide variety of network security applications (malware detection, rule-based network intrusion detection, covert channel detection, etc.) require packet inspection and processing. The processing is required not only on individual packets but also on sequences of packets and across flows to detect security policy breaches and attacks. Performing these functions at very high network line rates (10 Gbps now and soon scaling up to 40 to 100 Gbps) is critical to safeguarding enterprise networks. Solutions based on Field Programmable Gate Arrays (FPGAs) and/or multi-core CPUs have limitations with regard to performance, flexibility, power, and programmability. In this research project, we propose to investigate the applicability of MPPA (Massively Parallel Processing Array) architectures to scale packet processing and analysis tasks to meet the security challenges presented by next-generation high-speed networks. MPPA-based parallel processing devices have a number of advantages that make them particularly attractive for parallelizing stream-based, data-intensive computation. For example, they use a large number of low-clock-rate processors, which allows them to provide significant computing capability while consuming relatively little power. Furthermore, these devices provide a processor interconnection topology that guarantees bounded communication delays between processors. Additionally, since the interconnection network is programmable, a parallel implementation can be optimized by programming the interconnection to match the parallelism in the algorithm. Finally, MPPA devices provide high-level language support that can make programming them much easier than programming FPGA-based systems.

In this NSF-funded project, we will build upon our preliminary work and design parallel implementations of algorithms that are required in many different network security applications. These include 1) the K-means clustering algorithm used in traffic classification, 2) the entropy computation algorithm used in anomaly detection, 3) pattern matching used in rule-based network intrusion detection, and 4) encryption and decryption acceleration engines. We will investigate how these algorithms can be parallelized in an MPPA architecture and study the scalability issues. A key constraint in current-generation MPPA devices is the amount of local memory; thus we will design implementations that can tolerate a limited amount of memory. We will consider different implementations of the network security applications and compare their performance in terms of throughput and the accuracy of detection.

People

Ross Gegan
Vishal Ahuja
Rennie Archibald
Blake C. Mason
Matthew Farrens
Dipak Ghosal

Publications

  1. Blake C. Mason, Cherita Corbett, and Dipak Ghosal, "Evaluation of a Massively Parallel Architecture for Network Security Applications," in Proceedings 2010 18th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), Pisa, 17-19 Feb. 2010.
  2. Yali Liu, Ahmad-Reza Sadeghi, Dipak Ghosal, Biswanath Mukherjee: Video Streaming Forensic - Content Identification with Traffic Snooping. In Proceedings 13th International Conference on Information Security (ISC) 2010: 129-135, Boca Raton, FL, USA, October 25-28, 2010 [Also in Lecture Notes in Computer Science 6531 Springer 2011, ISBN 978-3-642-18177-1]
  3. Weiwei Liu, Guangjie Liu, Jiangtao Zhai, Yuewei Dai, and Dipak Ghosal, “Designing Analog Fountain Timing Channels: Undetectability, Robustness and Model-Adaptation,” IEEE Transactions on Information Forensics and Security – Under review.
  4. Rennie Archibald and Dipak Ghosal, “Design and performance evaluation of a covert timing channel,” accepted for publication in Security Comm. Networks (2015).
  5. Ross Gegan, Rennie Archibald, Matthew Farrens, Dipak Ghosal, “Performance Analysis of Real-Time Covert Timing Channel Detection using a Parallel System,” 9th International Conference on Network and System Security, November 3-5, 2015, New York City, USA
  6. Rennie Archibald and Dipak Ghosal, Design and Analysis of a Model-Based Covert Timing Channel for Skype Traffic, 2015 IEEE Conference on Communications and Network Security (CNS) - IEEE CNS 2015, Florence, Italy, September/October 2015
  7. Rennie Archibald, Dipak Ghosal, A comparative analysis of detection metrics for covert timing channels, Computers & Security, May 2014.
  8. Archibald, Rennie, and Dipak Ghosal. "A covert timing channel based on fountain codes." Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on. IEEE, 2012.3.
  9. Matthias Kirchner, Dipak Ghosal: Information Hiding - 14th International Conference, IH 2012, Berkeley, CA, USA, May 15-18, 2012, Revised Selected Papers. Lecture Notes in Computer Science 7692, Springer 2013, ISBN 978-3-642-36372-6
  10. Archibald, Rennie, et al. "Disambiguating HTTP: classifying web applications." Wireless Communications and Mobile Computing Conference (IWCMC), 2011 7th International. IEEE, 2011.
  11. Yali Liu, Dipak Ghosal, Biswanath Mukherjee and Ahmad-Reza Sadeghi. Video Streaming Forensic - Content Identification with Traffic Snooping, 13th Information Security Conference (ISC 2010), Boca-Raton, Florida, October 25-28, 2010
  12. Y. Liu, F. Armknecht, D. Ghosal, S. Katzenbeisser, A. Sadeghi, S. Schulz, “Robust and Undetectable Covert Timing Channels for i.i.d. Traffic,” 12th Information Hiding Conferences (IH10), 2010.
  13. Yali Liu, Frederik Armknecht, Dipak Ghosal, Stefan Katzenbeisser, Ahmad-Reza Sadeghi, Steffen Schulz, Hide and Seek in Time - Robust Covert Timing Channels, 14th European Symposium on Research in Computer Security, Saint Malo, France, September 21-25, 2009

Thesis/Dissertation

  1. Ross Gegan, Design and Analysis of Parallel Implementation of Covert Timing Channel Detection Methods on a Massively Parallel Processing Array Architectures, 2015.
  2. Blake C. Mason. Evaluation of a massively parallel architecture for network security applications. MS Thesis, 2010.
  3. Rennie Archibald
  4. Yali Liu