
OpenBIDS a NIDS


Sujayyendhiren, Kaiqi Xiong, Minseok Kwon. OpenBIDS a NIDS. Experimental Setup OpenBIDS. High Level Architecture. Detailed Architecture. Metadata – Kernel to Userspace. Bloom Filter Configuration. Signature Format.


Presentation Transcript

Sujayyendhiren, Kaiqi Xiong, Minseok Kwon


Experimental Setup OpenBIDS

High Level Architecture

Detailed Architecture

Metadata – Kernel to Userspace

Bloom Filter Configuration

Signature Format

  • <transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">

  • <transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">

  • <transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">

Current Features

  • OpenBIDS offers the feature of adding bloom filter rules at run time.

  • If the bloom filter identifies a signature match, a hashtable lookup follows in user space. On a successful lookup, a relevant rule is added dynamically to the flow table using the OpenFlow framework.

  • Multiple pattern matching for each data plane packet.

  • Bloom filter parameters such as ‘k’ and ‘m’ are configured statically at compile time.
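
The two-stage lookup described above, sketched as an added example in Python (not OpenBIDS code): it parses the signatures from the Signature Format slide, tests payload windows against a Bloom filter, and confirms each hit in an exact-match table. Assumptions: the values of `M_BITS` and `K_HASHES`, SHA-256 as the hash, `|..|` in `content` read as hex bytes (as in Snort), and `offset` parsed but not enforced.

```python
import hashlib
import re

M_BITS, K_HASHES = 1024, 3  # static, like compile-time 'm' and 'k' (values assumed)
# Signatures copied from the Signature Format slide.
RULES = '''
<transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">
<transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">
<transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">
'''

def parse_rule(line):
    """Turn one line of <key:"value"> fields into a dict."""
    return dict(re.findall(r'<(\w+):"([^"]*)">', line))

def content_bytes(content):
    """Assumption: text between | | is hex, so "Danger|fffe|" ends in 0xff 0xfe."""
    parts = content.split("|")
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode() for i, p in enumerate(parts))

def bit_positions(data):
    for i in range(K_HASHES):  # k salted hashes, each reduced to one of m bits
        digest = hashlib.sha256(bytes([i]) + data).digest()
        yield int.from_bytes(digest[:4], "big") % M_BITS

class Detector:
    def __init__(self, rule_text):
        self.bits = bytearray(M_BITS // 8)  # Bloom filter (fast path)
        self.table = {}                     # exact table (user-space stage)
        for line in rule_text.strip().splitlines():
            self.add_rule(parse_rule(line))

    def add_rule(self, rule):  # can be called at run time
        pattern = content_bytes(rule["content"])
        for pos in bit_positions(pattern):
            self.bits[pos // 8] |= 1 << (pos % 8)
        self.table.setdefault(pattern, []).append(rule)

    def inspect(self, transport, sport, dport, payload):
        hits = []  # (action, message) of every rule confirmed on this packet
        for length in sorted({len(p) for p in self.table}):
            for start in range(len(payload) - length + 1):
                window = payload[start:start + length]
                if all(self.bits[p // 8] >> (p % 8) & 1 for p in bit_positions(window)):
                    # Bloom hit: confirm exactly; an empty result is a false positive.
                    for rule in self.table.get(window, []):
                        if rule["transport"] == transport \
                                and rule["sport"] in ("*", str(sport)) \
                                and rule["dport"] in ("*", str(dport)):
                            hits.append((rule["action"], rule["message"]))
        return hits
```

A Bloom filter can report a pattern that was never added but never misses one that was, so only the exact-table stage decides the action.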

Sample Statistics



  • Parallelizing multiple pattern matching.

  • Optimizing memory operations like memory copying and memory initializations.

  • Instead of exhaustively matching each data packet against signatures, use feedback to increase the checking for multiple patterns, i.e. if user space identifies a lookup match as a false positive, gradually increase the number of pattern matches for a flow.
