Intrusion Prevention Systems

The Experts below are selected from a list of 2922 Experts worldwide ranked by ideXlab platform

John W Lockwood - One of the best experts on this subject based on the ideXlab platform.

  • A Modular System for FPGA-Based TCP Flow Processing in High-Speed Networks
    Field-Programmable Logic and Applications, 2004
    Co-Authors: David V Schuehler, John W Lockwood
    Abstract:

    Field Programmable Gate Arrays (FPGAs) can be used in intrusion prevention systems (IPS) to inspect application data contained within network flows. An IPS operating on high-speed network traffic can be used to stop the propagation of Internet worms and to protect networks from Denial of Services (DoS) attacks. When used in the backbone of a core network, the device will be exposed to millions of active flows simultaneously. In order to protect the data in each connection, network devices will need to track the state of every flow. This must be done at multi-gigabit line rates without introducing significant delays.

  • A Modular System for FPGA-Based TCP Flow Processing in High-Speed Networks
    Lecture Notes in Computer Science, 2004
    Co-Authors: David V Schuehler, John W Lockwood
    Abstract:

    Field Programmable Gate Arrays (FPGAs) can be used in intrusion prevention systems (IPS) to inspect application data contained within network flows. An IPS operating on high-speed network traffic can be used to stop the propagation of Internet worms and to protect networks from Denial of Services (DoS) attacks. When used in the backbone of a core network, the device will be exposed to millions of active flows simultaneously. In order to protect the data in each connection, network devices will need to track the state of every flow. This must be done at multi-gigabit line rates without introducing significant delays. This paper describes a high performance TCP processing system called TCP-Processor which supports flow processing in high-speed networks utilizing multiple devices. This circuit provides stateful flow tracking, TCP stream reassembly, context storage, and flow manipulation services for applications which process TCP data streams. A simple client interface eases the complexities associated with processing TCP data streams. In addition, a set of encoding and decoding circuits has been developed which efficiently transports this interface between multiple FPGA devices. The circuit has been implemented in FPGA hardware and tested using live Internet traffic.

Aneel Rahim - One of the best experts on this subject based on the ideXlab platform.

  • Performance Comparison of Support Vector Machine, Random Forest, and Extreme Learning Machine for Intrusion Detection
    IEEE Access, 2018
    Co-Authors: Iftikhar Ahmad, Mohammad Basheri, Muhammad Javed Iqbal, Aneel Rahim
    Abstract:

    Intrusion detection is a fundamental part of security tools, such as adaptive security appliances, intrusion detection systems, intrusion prevention systems, and firewalls. Various intrusion detection techniques are used, but their performance is an issue. Intrusion detection performance depends on accuracy, which needs to improve to decrease false alarms and to increase the detection rate. To resolve concerns on performance, multilayer perceptron, support vector machine (SVM), and other techniques have been used in recent work. Such techniques indicate limitations and are not efficient for use in large data sets, such as system and network data. The intrusion detection system is used in analyzing huge traffic data; thus, an efficient classification technique is necessary to overcome the issue. This problem is considered in this paper. Well-known machine learning techniques, namely, SVM, random forest, and extreme learning machine (ELM) are applied. These techniques are well-known because of their capability in classification. The NSL–knowledge discovery and data mining data set is used, which is considered a benchmark in the evaluation of intrusion detection mechanisms. The results indicate that ELM outperforms other approaches.

Zebing Wang - One of the best experts on this subject based on the ideXlab platform.

  • An Intelligent WLAN Intrusion Prevention System Based on Signature Detection and Plan Recognition
    International Conference on Future Networks, 2010
    Co-Authors: Guanlin Chen, Hui Yao, Zebing Wang
    Abstract:

    WLAN intrusion prevention systems have recently become one of the research hotspots with the rapid development of wireless communication. This paper starts from the introduction of intrusion prevention system and security threats to WLAN, puts forward the framework of the wireless IPS with an intelligent plan recognition engine, especially illustrates the expanding description of signature detection rules and the process of plan recognition. By utilizing device information and happened attack plans on monitored WLAN, this engine can predict the future actions and direct active responses to these actions. We present an improved model for conducting plan recognition. Experimental results showed that this engine can not only detect and prevent the main wireless attacks but also decrease false positives.

  • An overview of wireless intrusion prevention systems
    2010 Second International Conference on Communication Systems Networks and Applications, 2010
    Co-Authors: Yujia Zhang, Guanlin Chen, Wenyong Weng, Zebing Wang
    Abstract:

    With the fast development of wireless networks, the problems of wireless security have become more and more prominent. Technologies of firewall and intrusion detection cannot solve these problems satisfactorily. However, wireless intrusion prevention systems, which can prevent attacks for WLAN excellently, have become the research hotspot. In this paper, we first indicate the developing history of WIPS, and then summarize the related work on WIPS in the academic and engineering application areas respectively. Based on this work, we propose a common wireless intrusion prevention framework (CWIPF), and describe some key technologies used in this framework. Finally, we propose some research issues that should be focused on in the future.

  • An Intelligent WLAN Intrusion Prevention System Based on Signature Detection and Plan Recognition
    2010 Second International Conference on Future Networks, 2010
    Co-Authors: Guanlin Chen, Hui Yao, Zebing Wang
    Abstract:

    WLAN intrusion prevention systems have recently become one of the research hotspots with the rapid development of wireless communication. This paper starts from the introduction of intrusion prevention system and security threats to WLAN, puts forward the framework of the wireless IPS with an intelligent plan recognition engine, especially illustrates the expanding description of signature detection rules and the process of plan recognition. By utilizing device information and happened attack plans on monitored WLAN, this engine can predict the future actions and direct active responses to these actions. We present an improved model for conducting plan recognition. Experimental results showed that this engine can not only detect and prevent the main wireless attacks but also decrease false positives.

  • Research of Wireless Intrusion Prevention Systems Based on Plan Recognition and Honeypot
    International Conference on Wireless Communications and Signal Processing, 2009
    Co-Authors: Guanlin Chen, Hui Yao, Zebing Wang
    Abstract:

    With the fast development of WLAN, wireless intrusion prevention systems have recently become the research hotspot. In this paper, we first analyze the drawbacks of WLAN and indicate the primary 802.11-specific threats, then present the framework of the wireless IPS with an intelligent plan recognition and pre-decision engine using honeypot technology, especially illustrate the need for plan recognition in WLAN. By importing supporting degree of intrusion plan, this engine can predict the future attacks and directly respond to these actions. We design and implement an improved model for conducting plan recognition and making pre-decision. Experimental results showed that the plan recognition and pre-decision engine can not only improve detection and prevention performance but also reduce false positives evidently.

David V Schuehler - One of the best experts on this subject based on the ideXlab platform.

  • A Modular System for FPGA-Based TCP Flow Processing in High-Speed Networks
    Field-Programmable Logic and Applications, 2004
    Co-Authors: David V Schuehler, John W Lockwood
    Abstract:

    Field Programmable Gate Arrays (FPGAs) can be used in intrusion prevention systems (IPS) to inspect application data contained within network flows. An IPS operating on high-speed network traffic can be used to stop the propagation of Internet worms and to protect networks from Denial of Services (DoS) attacks. When used in the backbone of a core network, the device will be exposed to millions of active flows simultaneously. In order to protect the data in each connection, network devices will need to track the state of every flow. This must be done at multi-gigabit line rates without introducing significant delays.

  • A Modular System for FPGA-Based TCP Flow Processing in High-Speed Networks
    Lecture Notes in Computer Science, 2004
    Co-Authors: David V Schuehler, John W Lockwood
    Abstract:

    Field Programmable Gate Arrays (FPGAs) can be used in intrusion prevention systems (IPS) to inspect application data contained within network flows. An IPS operating on high-speed network traffic can be used to stop the propagation of Internet worms and to protect networks from Denial of Services (DoS) attacks. When used in the backbone of a core network, the device will be exposed to millions of active flows simultaneously. In order to protect the data in each connection, network devices will need to track the state of every flow. This must be done at multi-gigabit line rates without introducing significant delays. This paper describes a high performance TCP processing system called TCP-Processor which supports flow processing in high-speed networks utilizing multiple devices. This circuit provides stateful flow tracking, TCP stream reassembly, context storage, and flow manipulation services for applications which process TCP data streams. A simple client interface eases the complexities associated with processing TCP data streams. In addition, a set of encoding and decoding circuits has been developed which efficiently transports this interface between multiple FPGA devices. The circuit has been implemented in FPGA hardware and tested using live Internet traffic.

Yibo Xue - One of the best experts on this subject based on the ideXlab platform.

  • ICDCS - Fast Path Session Creation on Network Processors
    2008 The 28th International Conference on Distributed Computing Systems, 2008
    Co-Authors: Zongwei Zhou, Yibo Xue
    Abstract:

    The security gateways today are required not only to block unauthorized accesses by authenticating packet headers, but also by inspecting connection states to defend against malicious intrusions. Hence session creation rate plays a key role in determining the overall performance of stateful intrusion prevention systems. In this paper, we propose a high-speed session creation scheme optimized for network processors. Main contribution includes: a) A high-performance flow classification algorithm on network processors; b) An efficient TCP three-way handshake scheme designed for fast-path processing using a two-stage intelligent hashing. Experimental results show that: a) The presented parallel optimized flow classification algorithm, Parallel Search Cross-Producting, outperforms the original Cross-Producting and Binary Search Cross-Producting algorithms with 300% and 60% increase of classification speed; b) The proposed fast path three-way handshake scheme, IntelliHash, achieves a TCP connection creation rate over 2M connections per second.