Intrusion-detection systems are the invisible intelligence agencies in computer networks. They scan every packet of data passed through the network, looking for signs of any one of the tens of thousands of cyberattack styles they recognize.
As internet speeds increase, data volumes grow. To keep up, intrusion-detection systems have morphed into giant racks and stacks of servers, driving up energy costs for organizations that rely on them.
That's all about to change. Researchers in Carnegie Mellon University's CyLab have developed the fastest-ever open-source intrusion-detection system — one that achieves speeds of 100 gigabits per second using a single server.
"What was previously possible with 100-700 processor cores and a whole rack of machines, we can now do with five processor cores in a single server," said CyLab's Justine Sherry, an assistant professor in School of Computer Science's Computer Science Department.
The researchers presented their work at the recent USENIX Symposium on Operating Systems Design and Implementation.
Key to the researchers' success is using a field-programmable gate array (FPGA), an integrated circuit that users can program with customized code. The researchers programmed the FPGA specifically to detect intrusion, employing algorithms that are significantly faster than previous ones and that could not run on traditional processors.
Sherry said that the FPGA processes an average of 95% of data packets on its own when it's placed in a network. The other 5% continue to central processing units when the FPGA becomes overwhelmed, hence the system's five processor cores.
"The FPGA does most of the work, but some of it still goes to the processors," Sherry said.
The new system produces enormous energy savings. To do the same work as the FPGA, a traditional system comprising hundreds of processing cores would use 38 times more power.
"It's like your electricity bill used to be $100, and now it's $3," said Sherry. "We created one pizza box-sized machine to do the work of a whole room of servers."
The researchers' open-source code can be downloaded on GitHub.