Source: Intel
An FPGA integrated circuit (Intel’s Stratix 10 FPGA shown here) is essential to the performance of the CMU team’s intrusion detection system.
The system achieves speeds of 100 gigabits per second using a single server
Intrusion detection systems are the invisible intelligence agencies in computer networks. They scan every packet of data that is passed through the network, looking for signs of any one of the tens of thousands of different types of cyberattacks they’re aware of.
As Internet speeds continue to increase, so too does the amount of data that passes through. To keep up, intrusion detection systems have grown into giant racks and stacks of servers, driving energy costs up for organizations that rely on them for protection.
That’s all about to change. Researchers in Carnegie Mellon University’s CyLab have developed the fastest-ever open-source intrusion detection system—one that achieves speeds of 100 gigabits per second using a single server.
“What was previously possible with 100-700 processor cores and a whole rack of machines, we can now do with five processor cores in a single server,” says CyLab’s Justine Sherry, an assistant professor in the Computer Science Department (CSD) in the School of Computer ScienceOpens in new window.
The researchers are presenting their work at this week’s USENIX Symposium on Operating Systems Design and Implementation.
We created one pizza box-sized machine to do the work of a whole room of servers.
Justine Sherry, Assistant Professor, Computer Science Department
Key to the researchers’ success is the use of a field-programmable gate array (FPGA), an integrated circuit for which users can write code and customize, hence “field-programmable.” The researchers programmed the FPGA to be tailored for the sole job of intrusion detection and wrote that algorithms which can’t run on traditional processors and are significantly faster.
When placed in a network, Sherry says that an average of 95 percent of data packets are processed by the FPGA on its own, while the other five percent are passed on to central processing units when it becomes overwhelmed, hence the necessity of five processor cores in their system.
“The FPGA does most of the work, but some of it still goes to the processors,” Sherry says.
The result in energy-savings is enormous: their intrusion detection system uses 38 times less power using an FPGA than hundreds of processing cores would in performing the same work.
It’s like your electricity bill used to be $100, and now it’s $3.
Justine Sherry, Assistant Professor, Computer Science Department
“It’s like your electricity bill used to be $100, and now it’s $3,” says Sherry. “We created one pizza box-sized machine to do the work of a whole room of servers.”
The researchers’ code is open-sourced and available for download on GitHub.
The Latest Updates from Bing News & Google News
Go deeper with Bing News on:
Network intrusion detection system
- A Guide to Enhanced Security in Bare Metal Hosting
From a technical perspective, routine security audits are indispensable. Conducting penetration tests, vulnerability assessments, and analyzing system logs are critical components of maintaining a ...
- 10 Critical Endpoint Security Tips You Should Know
Unlock Endpoint Security with our top 10 must-know tips! From MFA to EDR, discover how to protect your digital kingdom.
- Blockchain And AI: The Dream Team Of Tech
Blockchain can revolutionize generative AI business models by creating decentralized marketplaces for models and outputs via tokens and smart contracts. This empowers creators to directly monetize ...
- Vendor Management: Top 7 Reasons Why Companies Aren't Secure
Vendor management is a crucial component in safeguarding company cybersecurity. As businesses increasingly rely on various external services and products, ensuring these external partners uphold ...
- Fortifying Cyber Defense With the Power of Linux Intrusion Detection and Prevention Systems
Intrusion Detection and Prevention Systems (IDPS) are security tools designed to detect and respond to unauthorized access attempts or malicious activities within a network or on individual systems.
Go deeper with Google Headlines on:
Network intrusion detection system
[google_news title=”” keyword=”network intrusion detection system” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]
Go deeper with Bing News on:
Intrusion detection
- The Shifting Landscape of Vicious Cyber Warfare: Insights from Dmitri Alperovitch
As the conflict between Russia and Ukraine rages on, the battleground has expanded beyond physical borders into the realm of cyber warfare. The shifting character of modern warfare is highlighted by ...
- 10 Critical Endpoint Security Tips You Should Know
Unlock Endpoint Security with our top 10 must-know tips! From MFA to EDR, discover how to protect your digital kingdom.
- Embedded world 2024: SDVs and AI in automotive
At embedded world 2024, chipmakers deliver new platforms and technologies to advance SDVs and AI in automotive.
- Blockchain And AI: The Dream Team Of Tech
Blockchain can revolutionize generative AI business models by creating decentralized marketplaces for models and outputs via tokens and smart contracts. This empowers creators to directly monetize ...
- Vendor Management: Top 7 Reasons Why Companies Aren't Secure
Vendor management is a crucial component in safeguarding company cybersecurity. As businesses increasingly rely on various external services and products, ensuring these external partners uphold ...
Go deeper with Google Headlines on:
Intrusion detection
[google_news title=”” keyword=”intrusion detection” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]