Sujayyendhiren, Kaiqi Xiong, Minseok Kwon

OpenBIDS a NIDS

Sujayyendhiren, Kaiqi Xiong, Minseok Kwon. OpenBIDS a NIDS. Experimental Setup OpenBIDS. High Level Architecture. Detailed Architecture. Metadata – Kernel to Userspace. Bloom Filter Configuration. Signature Format.

Presentation Transcript

Sujayyendhiren, Kaiqi Xiong, Minseok Kwon


Experimental Setup OpenBIDS

High Level Architecture

Detailed Architecture

Metadata – Kernel to Userspace

Bloom Filter Configuration

Signature Format

  • <transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">

  • <transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">

  • <transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">

Current Features

  • OpenBIDS offers the feature of adding bloom filter rules at run time.

  • If the bloom filter identifies a signature match, it is followed by a hashtable lookup in user space. On a successful lookup, a relevant rule is added dynamically into the flow table using the OpenFlow framework.

  • Multiple pattern matching for each data plane packet.

  • Bloom filter parameters such as ‘k’ and ‘m’ are configured statically at compile time.
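
The signature format and the two-stage lookup described above, as an added Python example that is not code from the presentation or from OpenBIDS. The class and function names, the values of `M` and `K`, the SHA-256 based hashing, the sliding-window scan, and the treatment of `content` as literal bytes (including `|fffe|`) are assumptions; the `offset` field is parsed but not applied.

```python
import hashlib
import re

M, K = 1024, 3  # Bloom filter size in bits and hash count, fixed up front (values assumed)
FIELD = re.compile(r'<(\w+):"([^"]*)">')
RULES = [  # the three signatures shown on the Signature Format slide
    '<transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">',
    '<transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">',
    '<transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">',
]

def parse_signature(line):
    """Split one signature line into a dict and reject lines missing a core field."""
    sig = dict(FIELD.findall(line))
    if not {"transport", "sport", "dport", "content", "action"} <= sig.keys():
        raise ValueError(f"incomplete signature: {line!r}")
    return sig

def positions(token):  # K bit positions from salted SHA-256 (hash choice is an assumption)
    return [int.from_bytes(hashlib.sha256(bytes([i]) + token).digest()[:4], "big") % M
            for i in range(K)]

class TwoStageMatcher:
    def __init__(self):
        self.bits = bytearray(M // 8)
        self.table = {}  # exact content -> signatures: the confirming hash table

    def add_rule(self, line):
        """Run-time rule insertion: set the Bloom bits and store the exact entry."""
        sig = parse_signature(line)
        token = sig["content"].encode()  # content taken as literal bytes (assumption)
        for p in positions(token):
            self.bits[p // 8] |= 1 << (p % 8)
        self.table.setdefault(token, []).append(sig)

    def lookup(self, token):  # Bloom filter first; only a hit pays for the table lookup
        if not all(self.bits[p // 8] >> (p % 8) & 1 for p in positions(token)):
            return "miss", []
        sigs = self.table.get(token, [])
        return ("match" if sigs else "false_positive"), sigs

    def inspect(self, transport, sport, dport, payload):
        """Check every window of each known content length; return (action, message)."""
        for n in sorted({len(t) for t in self.table}):
            for i in range(len(payload) - n + 1):
                for sig in self.lookup(payload[i:i + n])[1]:
                    if (sig["transport"] == transport and sig["sport"] in ("*", str(sport))
                            and sig["dport"] in ("*", str(dport))):
                        return sig["action"], sig.get("message")
        return None, None
```

A `false_positive` result from `lookup` is the case the feedback idea in the later bullets reacts to: the Bloom filter fired but the hash table holds no such content.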

Sample Statistics


  • Parallelizing multiple pattern matching.

  • Optimizing memory operations like memory copying and memory initializations.

  • Instead of exhaustively matching each data packet against the signatures, increase the checking for multiple patterns based on feedback, i.e. if user space identifies a lookup match as a false positive, gradually increase the number of pattern matches for that flow.
