Sujayyendhiren, Kaiqi Xiong, Minseok Kwon. OpenBIDS a NIDS. Experimental Setup OpenBIDS. High Level Architecture. Detailed Architecture. Metadata – Kernel to Userspace. Bloom Filter Configuration. Signature Format.

Signature Format
  • <transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">
  • <transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">
  • <transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">
Current Features
  • OpenBIDS supports adding Bloom filter rules at run time.
  • When the Bloom filter reports a signature match, a hashtable lookup follows in user space. On a successful lookup, the relevant rule is added dynamically to the flow table using the OpenFlow framework.
  • Multiple pattern matching for each data plane packet.
  • Bloom filter parameters such as ‘k’ and ‘m’ are configured statically at compile time.
  • Parallelizing multiple pattern matching.
  • Optimizing memory operations like memory copying and memory initializations.
  • Instead of exhaustively matching each data packet against the signatures, use a feedback-based increase in checking for multiple patterns, i.e. if user space identifies a lookup match as a false positive, gradually increase the number of pattern matches for that flow.
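
The signature format and the two-stage lookup described above (Bloom filter first, then a user-space hashtable to confirm the hit), as an added Python example that is not OpenBIDS code. The values of m and k, the SHA-256 based hashing, the class and function names, and reading |fffe| as hex bytes are assumptions; the offset field is parsed but not applied because the slides do not define its meaning.

```python
import hashlib
import re

SIGNATURES = [  # the three signatures from the slide, verbatim
    '<transport:"tcp"> <sport:"20"> <dport:"40"> <content:"Virus"> <action:"DROP"> <message:"Dropping the packet">',
    '<transport:"udp"> <sport:"30"> <dport:"40"> <content:"Danger|fffe|"> <action:"FORWARD"> <offset:"10"> <message:"Fwd the packet">',
    '<transport:"udp"> <sport:"*"> <dport:"*"> <content:"Not malicious"> <action:"LOG"> <message:"Not malicious packet">',
]
M, K = 1024, 3  # Bloom filter size in bits and hash count (assumed values)

def parse_signature(line):
    """Turn one <key:"value"> line into a dict; content becomes bytes."""
    rule = dict(re.findall(r'<(\w+):"([^"]*)">', line))
    parts = rule["content"].split("|")
    # Assumption: |..| encloses hex bytes, so odd-indexed parts are hex.
    rule["content"] = b"".join(
        bytes.fromhex(p) if i % 2 else p.encode() for i, p in enumerate(parts))
    return rule

def bloom_bits(data):
    """K bit positions for data, derived from salted SHA-256 (assumed hash)."""
    return [int.from_bytes(hashlib.sha256(bytes([i]) + data).digest()[:4], "big") % M
            for i in range(K)]

class Matcher:
    def __init__(self, lines):
        self.bits = bytearray(M // 8)
        self.table = {}  # stands in for the user-space hashtable
        for rule in map(parse_signature, lines):
            self.table[rule["content"]] = rule
            for b in bloom_bits(rule["content"]):
                self.bits[b // 8] |= 1 << (b % 8)
        self.lengths = sorted({len(c) for c in self.table})

    def in_bloom(self, data):
        return all(self.bits[b // 8] >> (b % 8) & 1 for b in bloom_bits(data))

    def match(self, transport, sport, dport, payload):
        """Return the first confirmed rule for a packet, or None."""
        for n in self.lengths:  # one sliding window per pattern length
            for i in range(len(payload) - n + 1):
                window = payload[i:i + n]
                if not self.in_bloom(window):
                    continue  # fast path: definitely not a signature
                rule = self.table.get(window)  # rejects Bloom false positives
                if (rule and rule["transport"] == transport
                        and rule["sport"] in ("*", str(sport))
                        and rule["dport"] in ("*", str(dport))):
                    return rule
        return None
```

The returned rule's action and message are what a controller would then turn into a flow-table entry; that OpenFlow step is outside this example.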