TC: Small: A High-Performance Abstract Machine for Network Intrusion Detection
International Computer Science Institute, Berkeley CA
Abstract
Network intrusion detection systems (NIDS) must balance a set of challenges that are difficult to address fully at the same time: the complexity of network communication; the need to operate extremely efficiently to achieve line-rate performance; and the need to handle untrusted input securely. Our project aims to build an efficient and secure bridge between meeting these challenges effectively and offering the high-level abstractions required for describing a security policy. Observing that NIDS implementations share a large degree of functionality, we introduce a new middle layer into NIDS processing, consisting of two main pieces: first, an abstract machine model tailored specifically to the network intrusion detection domain, whose instruction set directly supports the field's common abstractions and idioms; and second, a compilation strategy that turns programs written for the abstract machine into highly optimized, natively executable code for a given target platform, with performance comparable to manually written C code. As a broader goal, our undertaking provides the security community with a novel architecture that facilitates development and reuse of building blocks commonly required for network traffic analysis. While the focus of our effort is the design and implementation of the abstract machine environment itself, we envision enabling the community to unleash its full potential by building analysis functionality on top of the platform we develop.
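As an added illustration, not the project's own design or code, the Python sketch below shows what an abstract machine with domain-specific instructions looks like and why such a layer helps with untrusted input: every byte access in a program goes through one bounds check inside the machine, so a malformed record raises a defined trap instead of reading past the end of the payload. The opcodes, the length-prefixed record format, the pattern and the sample payloads are all assumptions constructed for the example.

```python
"""Toy NIDS abstract machine (illustrative only; not the project's design)."""
import re
from dataclasses import dataclass, field


class Trap(Exception):
    """Raised when a program touches bytes the input does not have.
    Malformed input becomes a defined error, never an out-of-bounds read."""


@dataclass(frozen=True)
class Instr:
    op: str
    args: tuple = ()


@dataclass
class Machine:
    payload: bytes
    regs: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def _bounds(self, off: int, length: int) -> None:
        # Single choke point for all memory access on untrusted data.
        if off < 0 or length < 0 or off + length > len(self.payload):
            raise Trap(f"read of {length} bytes at offset {off} "
                       f"exceeds payload of {len(self.payload)} bytes")

    def _val(self, x):
        # Operands are register names (str) or immediates (int).
        return self.regs[x] if isinstance(x, str) else x

    def run(self, program) -> list:
        pc = 0
        while pc < len(program):
            ins = program[pc]
            pc += 1
            op, a = ins.op, ins.args
            if op == "load_u16":      # dst, offset: big-endian 16-bit field
                dst, off = a
                off = self._val(off)
                self._bounds(off, 2)
                self.regs[dst] = int.from_bytes(self.payload[off:off + 2], "big")
            elif op == "slice":       # dst, offset, length: checked byte range
                dst, off, n = a
                off, n = self._val(off), self._val(n)
                self._bounds(off, n)
                self.regs[dst] = self.payload[off:off + n]
            elif op == "match":       # dst, src, regex: 1 if pattern found in src
                dst, src, pat = a
                self.regs[dst] = 1 if re.search(pat, self.regs[src]) else 0
            elif op == "jz":          # reg, target: jump if reg == 0
                reg, target = a
                if self.regs[reg] == 0:
                    pc = target
            elif op == "alert":       # message: record a detection
                self.alerts.append(a[0])
            elif op == "halt":
                return self.alerts
            else:
                raise Trap(f"unknown opcode {op!r}")
        return self.alerts


# Hypothetical protocol: a 2-byte big-endian length followed by a command body.
PROGRAM = [
    Instr("load_u16", ("len", 0)),
    Instr("slice", ("body", 2, "len")),
    Instr("match", ("hit", "body", rb"^USER\s+root\b")),
    Instr("jz", ("hit", 5)),
    Instr("alert", ("root login attempt",)),
    Instr("halt"),
]


def analyze(payload: bytes) -> list:
    return Machine(payload).run(PROGRAM)


def analyze_or_trap(payload: bytes) -> tuple:
    """Return ("alerts", [...]) or ("trap", message) for a payload."""
    try:
        return ("alerts", analyze(payload))
    except Trap as e:
        return ("trap", str(e))


# Constructed sample payloads.
GOOD = (9).to_bytes(2, "big") + b"USER root"
BENIGN = (10).to_bytes(2, "big") + b"USER alice"
TRUNCATED = (500).to_bytes(2, "big") + b"USER"   # length lies about the body

if __name__ == "__main__":
    for name, p in [("GOOD", GOOD), ("BENIGN", BENIGN), ("TRUNCATED", TRUNCATED)]:
        print(name, analyze_or_trap(p))
```

The point of the sketch is the layering: the policy program never touches raw memory, and the machine owns the one bounds check that a compiler could later preserve when turning programs into native code.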