Programmable Real-time Traffic Analysis on Many-Core Architectures
It has been estimated that malicious code (viruses, worms, and Trojan horses) has caused over $75 billion in economic losses in the U.S. through 2007. As a result, continuous traffic monitoring and accurate detection of traffic anomalies and attacks are critical for large network operators, as well as for enterprise networks that provide important services such as banking, law enforcement, and healthcare. Aiming to alleviate this significant problem, CITRIS researchers will leverage the parallelism available in many-core chip multi-processors (CMP) to deliver comprehensive and programmable analysis of network traffic in real time. The project's output applies to the automatic detection and prevention of security attacks, which has far-reaching societal impact.
Most Intrusion Detection Systems (IDSes) are host-based and do not scale to high-speed networks, especially against emerging sophisticated attacks. In addition, almost all previous hardware design research presumes a nearly stateless approach to attack detection. Instead, UC Davis Computer Science Professor Soheil Ghiasi will take a more sophisticated approach, leveraging the parallelism available in many-core chip multi-processors (CMP) to perform real-time, comprehensive analysis of network traffic in an efficient manner.
Ghiasi and colleagues anticipate developing a solution for programmable, real-time, and comprehensive analysis of network traffic to detect anomalies and security breaches. This solution will contribute to secure exchange of data, trusted collaboration among geographically distant professionals, and many other applications that demand secure communication. For example, this project can be integrated into the ongoing effort at CITRIS at UC Davis to establish a research center on IT-enabled healthcare.
Currently, a proof-of-concept CMP prototyping framework using an FPGA board and a uni-processor based programmable network measurement (ProgME) infrastructure has been developed. The researchers hope to be able to secure larger extramural funding to continue this important work.