Project Description
Intrusion detection is important for defending networks against a wide range of cyberattacks. However, existing intrusion detection systems (IDS) require complex packet processing, which can only be supported in userspace. Such an approach is hard to scale as the volume of traffic increases. For example, Verizon currently uses an entire rack of IDS servers for three racks of servers in their data center networks. In practice, not all traffic is bad, i.e., only a small fraction of the total traffic triggers an alert at the IDS. In this project, we focus on using programmable switches to detect benign traffic and let it bypass the IDS, reducing the packet processing overhead at the IDS while maximizing the accuracy with which the IDS detects malicious traffic. More concretely, the student will focus on implementing this approach using state-of-the-art tools (e.g., Apache Kafka, Apache Spark, Barefoot Tofino), and quantifying its performance for different configurations and workloads.
Team Members
- Jake Miller (j_miller@umail.ucsb.edu)
- John-Michael Kirchner (j_kirchner@ucsb.edu)
- Matthew Aragaw (maragaw@ucsb.edu)
- Ruchika Saswade (ruchika_saswade@ucsb.edu)
Professor and Mentors
- Professor: Prof. Arpit Gupta (arpitgupta@ucsb.edu)
- Mentors: Sanjay Chandrasekaran (sanjaychandrasekaran@ucsb.edu), Meng Ying (mengying@cs.princeton.edu)
Meeting Time
- Meeting with Team
  - Location: Zoom
  - Time: Friday, 1-3pm
- Meeting with Prof. Mirza and Prof. Eiers
  - Location: Zoom
  - Time: Th, 4-4:30pm
Links to Proposals and Presentation
- Proposal link
- Final presentation: