Home Education Research Resources Conferences Outreach Security

Recent Conference papers

  1. L. Vespa and N. Weng. SWM: Simplified Wu-Manber for GPU-based Deep Packet Inspection, the International Conference on Security and Management, 2012.

    Abstract. Graphics processing units (GPU) have potential to speed up deep packet inspection (DPI) by processing many packets in parallel. However, popular methods of DPI such as deterministic finite automata are limited because they are single stride. Alternatively, the complexity of multiple stride methods is not appropriate for the SIMD operation of a GPU. In this work we present SWM, a simplified, multiple stride, Wu-Manber like algorithm for GPU-based deep packet inspection. SWM uses a novel method to group patterns such that the shift tables are simplified and therefore appropriate for SIMD operation. This novel grouping of patterns has many benefits including eliminating the need for hashing, allowing processing on nonfixed pattern lengths, eliminating sequential pattern comparison and allowing shift tables to fit into the small on-chip memories of GPU stream cores. We show that SWM achieves 2 Gb/s deep packet inspection even on a single GPU with only 32 stream cores. We expect that this will increase proportionally with additional stream cores which number in the hundreds to thousands on higher end GPUs

  2. Matthew Dean and Lucas Vespa, Simplified Network Traffic Visualization for Real-Time Security Analysis, The 2013 International Conference on Security and Management, 2013. The paper is available at: http://csc.uis.edu/center/app/8a/Vespa-Visualization.pdf

    Abstract: Although traditional methods of network security analysis used in investigating network traffic and log files are essential to mitigating malicious network activity, these methods alone cannot keep up with constant increases in malevolent network traffic. Many visualization tools have been created as a supplement to traditional analysis and intrusion detection systems. Even though these tools are useful, each tool tends to have a niche use. Also, many network administrators fill dual roles as administrators and security analysts and have little time to learn different complex visualization tools. We therefore observe a need for a simple out-of-the-box solution for general network security visualization. We hope to fill this need with our tool called VNR, which in addition to its simplicity embeds transport layer data within visualizations allowing for better intra-host analysis. VNR can also be used for real-time or auditing purposes by configuring the amount of data visualized within specific time frames.

Home Education Research Resources Conferences Outreach Security