Sujayyendhiren, Kaiqi Xiong, Minseok Kwon

OpenBIDS a NIDS




Experimental Setup OpenBIDS


High Level Architecture


Detailed Architecture


Metadata – Kernel to Userspace


Bloom Filter Configuration


Signature Format

  • <transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">

  • <transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">

  • <transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">


Current Features

  • OpenBIDS supports adding Bloom filter rules at run time.

  • If the Bloom filter identifies a signature match, a hashtable lookup follows in user space. On a successful lookup, the relevant rule is added dynamically to the flow table using the OpenFlow framework.

  • Multiple pattern matching for each data plane packet.

  • Bloom filter parameters such as ‘k’ and ‘m’ are configured statically at compile time.
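
The added example below is not OpenBIDS code: it is a single-process Python sketch of the flow described on the Signature Format and Current Features slides, parsing the three signatures, pre-filtering payload windows with a Bloom filter, and confirming each hit in a hashtable. The values of m and k, the SHA-256 hash, the Snort-style reading of `|fffe|` as hex bytes, and all class and function names are assumptions; `offset` is parsed but not enforced because the slides do not define it, and the OpenFlow rule install is reduced to returning the action.

```python
import hashlib
import re

# Signatures copied from the "Signature Format" slide.
RULES_TEXT = '''<transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">
<transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">
<transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">'''
M_BITS, K_HASHES = 1024, 3  # assumed values; the slides only say m and k are fixed at compile time

def decode_content(text):
    # Assumption: |..| encloses hex bytes, as in Snort content strings.
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode() for i, p in enumerate(text.split("|")))

def parse_rules(text):
    return [dict(re.findall(r'<(\w+):"([^"]*)">', line)) for line in text.strip().splitlines()]

def bit_positions(data):
    # k bit positions from salted SHA-256 (the hash choice is an assumption).
    return [int.from_bytes(hashlib.sha256(bytes([i]) + data).digest()[:4], "big") % M_BITS
            for i in range(K_HASHES)]

class Detector:
    def __init__(self, rules):
        self.bits = bytearray(M_BITS // 8)
        self.table = {}  # exact-match hashtable consulted only after a Bloom hit
        for rule in rules:
            self.add_rule(rule)

    def add_rule(self, rule):  # can be called at run time, as the slides describe
        pattern = decode_content(rule["content"])
        for pos in bit_positions(pattern):
            self.bits[pos // 8] |= 1 << (pos % 8)
        self.table.setdefault(pattern, []).append(rule)

    def bloom_hit(self, data):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in bit_positions(data))

    def inspect(self, transport, sport, dport, payload):
        verdicts = []
        for size in sorted({len(p) for p in self.table}):
            for start in range(len(payload) - size + 1):
                window = payload[start:start + size]
                if not self.bloom_hit(window):
                    continue  # fast path: window is definitely not a known pattern
                for rule in self.table.get(window, []):  # empty list = Bloom false positive
                    if rule["transport"] == transport and all(
                            rule[k] in ("*", str(v)) for k, v in (("sport", sport), ("dport", dport))):
                        verdicts.append((rule["action"], rule["message"]))
        return verdicts
```
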


Sample Statistics


Targets

  • Parallelizing multiple pattern matching.

  • Optimizing memory operations like memory copying and memory initializations.

  • Instead of exhaustively matching each data packet against signatures, use feedback to increase checking for multiple patterns, i.e. if user space identifies a lookup match as a false positive, gradually increase the number of pattern matches for that flow.


Demo

