Book's Detail
Adaptive security in computer networks

Degree Name : Doctor of Philosophy
Department : Electrical and Computer Engineering
First Advisor : Weng, Ning

Abstract

Ever-changing attacks require computer networks to adapt continuously in order to provide confidentiality, availability, and integrity for the diverse systems connected through them. If a network security system could be dynamically reconfigured for new attacks, techniques, and algorithms, computer networks would be able to provide better protection. The key challenge in achieving this adaptability is the lack of an adaptive framework that can simultaneously consider the underlying hardware platform and the processing complexity of the algorithms, and integrate them. This dissertation presents an adaptive framework for a Network Intrusion Detection System (NIDS) that can detect unknown attacks, is reconfigurable for new technologies, adapts to network traffic, and is easy to update. The key idea is to add network analyzers and to integrate several interdisciplinary network security techniques into one system. The network analyzers analyze packet headers and payloads to learn the characteristics of the network traffic over time. Using this information, a suitable intrusion detection system is constructed. In this dissertation, I introduce implementations of the intrusion detection system on FPGA, multiprocessor, and memory, with packet pre-filtering based on part of the pattern. For FPGA, a methodology for constructing a high-performance string matching engine is introduced. Various techniques, including multi-threading FSM design, FSM partitioning, and a novel high-speed FSM interface circuit, are developed to improve the performance of the string matching circuits. For multiprocessors, I present a workload mapping methodology for multi-core (Network Processor) security systems using a comprehensive simulation framework. With this methodology, network engineers can utilize multi-core processors without knowledge of the complexities of multi-core programming. For the memory-based implementation, I present a technique that uses state coding to reduce the huge memory requirement of finite state machines. Using this framework methodology, network engineers can evaluate the run-time characteristics of network traffic and integrate security technologies into a NIDS. Without this methodology, doing so would be very difficult, if not impossible.

Statement of Responsibility
Author(s) Benfano Soewito - Personal Name
Edition
Call Number DS.2010.009
Subject(s) computer networks - security
Language English
Publisher Department of Electrical and Computer Engineering, Southern Illinois University
Publishing Year 2004
Specific Detail Info