Sujayyendhiren, Kaiqi Xiong, Minseok Kwon

OpenBIDS a NIDS



Sujayyendhiren, Kaiqi Xiong, Minseok Kwon. OpenBIDS a NIDS. Experimental Setup OpenBIDS. High Level Architecture. Detailed Architecture. Metadata – Kernel to Userspace. Bloom Filter Configuration. Signature Format.


Presentation Transcript


Sujayyendhiren, Kaiqi Xiong, Minseok Kwon

OpenBIDS a NIDS


Experimental Setup OpenBIDS


High Level Architecture


Detailed Architecture


Metadata – Kernel to Userspace


Bloom Filter Configuration


Signature Format

  • <transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">

  • <transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">

  • <transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">


Current Features

  • OpenBIDS supports adding Bloom filter rules at run time.

  • If the Bloom filter identifies a signature match, a hashtable lookup follows in user space. On a successful lookup, a relevant rule is added dynamically to the flow table using the OpenFlow framework.

  • Multiple pattern matching for each data plane packet.

  • Bloom filter parameters such as ‘k’ and ‘m’ are configured statically at compile time.
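
The lookup path from the list above (a Bloom filter hit, then a hashtable lookup that confirms it), run over the three signatures from the Signature Format slide. This is an added example, not OpenBIDS code. The names `Detector`, `parse_signature` and `bit_positions`, the values of m and k, the SHA-256-based hashing and the sliding-window scan are assumptions, and the `|fffe|` and `offset` fields are kept as literal text rather than interpreted.

```python
import hashlib
import re

# Signature lines copied from the "Signature Format" slide.
SIGNATURES = [
    '<transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">',
    '<transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">',
    '<transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">',
]
M, K = 1024, 3  # Bloom filter bits and hash count (assumed values; the slides give none)

def parse_signature(line):
    """Turn one <key:"value"> signature line into a dict."""
    return dict(re.findall(r'<(\w+):"([^"]*)">', line))

def bit_positions(data):
    """K bit indexes for data, from salted SHA-256 (assumed hash choice)."""
    return [int.from_bytes(hashlib.sha256(bytes([i]) + data).digest()[:4], "big") % M
            for i in range(K)]

class Detector:
    def __init__(self, lines):
        self.bits = bytearray(M)  # one byte per filter bit, for readability
        self.table = {}           # exact-match hashtable: content -> rules
        for line in lines:
            self.add_rule(line)

    def add_rule(self, line):
        """Add a rule to the filter and the hashtable at run time."""
        rule = parse_signature(line)
        content = rule["content"].encode()  # literal bytes; |..| and offset not interpreted
        for pos in bit_positions(content):
            self.bits[pos] = 1
        self.table.setdefault(content, []).append(rule)

    def inspect(self, transport, sport, dport, payload):
        """Return (action, message) for the first confirmed match, else None."""
        for length in sorted({len(c) for c in self.table}):
            for i in range(len(payload) - length + 1):
                window = payload[i:i + length]
                if not all(self.bits[p] for p in bit_positions(window)):
                    continue  # Bloom filter miss: the window is in no signature
                for rule in self.table.get(window, []):  # confirm; drops false positives
                    if (rule["transport"] == transport
                            and rule["sport"] in ("*", str(sport))
                            and rule["dport"] in ("*", str(dport))):
                        return rule["action"], rule["message"]
        return None
```

A Bloom filter hit that the hashtable does not confirm is a false positive and produces no action; only a confirmed match returns the rule's action, which is the point at which a flow-table rule would be installed.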


Sample Statistics


Targets

  • Parallelizing multiple pattern matching.

  • Optimizing memory operations like memory copying and memory initializations.

  • Instead of exhaustively matching each data packet against the signatures, increase the checking for multiple patterns based on feedback: if user space identifies a lookup match as a false positive, gradually increase the number of pattern matches for that flow.


Demo
