Source: Intel
An FPGA integrated circuit (Intel’s Stratix 10 FPGA shown here) is essential to the performance of the CMU team’s intrusion detection system.
The system achieves speeds of 100 gigabits per second using a single server
Intrusion detection systems are the invisible intelligence agencies in computer networks. They scan every packet of data that is passed through the network, looking for signs of any one of the tens of thousands of different types of cyberattacks they’re aware of.
As Internet speeds continue to increase, so too does the amount of data that passes through. To keep up, intrusion detection systems have grown into giant racks and stacks of servers, driving energy costs up for organizations that rely on them for protection.
That’s all about to change. Researchers in Carnegie Mellon University’s CyLab have developed the fastest-ever open-source intrusion detection system—one that achieves speeds of 100 gigabits per second using a single server.
“What was previously possible with 100-700 processor cores and a whole rack of machines, we can now do with five processor cores in a single server,” says CyLab’s Justine Sherry, an assistant professor in the Computer Science Department (CSD) in the School of Computer ScienceOpens in new window.
The researchers are presenting their work at this week’s USENIX Symposium on Operating Systems Design and Implementation.
We created one pizza box-sized machine to do the work of a whole room of servers.
Justine Sherry, Assistant Professor, Computer Science Department
Key to the researchers’ success is the use of a field-programmable gate array (FPGA), an integrated circuit for which users can write code and customize, hence “field-programmable.” The researchers programmed the FPGA to be tailored for the sole job of intrusion detection and wrote that algorithms which can’t run on traditional processors and are significantly faster.
When placed in a network, Sherry says that an average of 95 percent of data packets are processed by the FPGA on its own, while the other five percent are passed on to central processing units when it becomes overwhelmed, hence the necessity of five processor cores in their system.
“The FPGA does most of the work, but some of it still goes to the processors,” Sherry says.
The result in energy-savings is enormous: their intrusion detection system uses 38 times less power using an FPGA than hundreds of processing cores would in performing the same work.
It’s like your electricity bill used to be $100, and now it’s $3.
Justine Sherry, Assistant Professor, Computer Science Department
“It’s like your electricity bill used to be $100, and now it’s $3,” says Sherry. “We created one pizza box-sized machine to do the work of a whole room of servers.”
The researchers’ code is open-sourced and available for download on GitHub.
The Latest Updates from Bing News & Google News
Go deeper with Bing News on:
Network intrusion detection system
- Intrusion Inc. and TIM Announce Partnership with Orca Cold Chain Solutions to Enhance Supply Chain Security
'We are thrilled to partner with Orca Cold Chain Solutions to bring our cybersecurity expertise to the supply chain industry,' said Tony Scott, CEO of Intrusion. 'Our solutions will help Orca's ...
- At RSA, Cisco unveils Splunk integrations, Hypershield upgrades
At RSA Conference 2024, Cisco announced plans to integrate its XDR platform and Splunk’s SIEM, bolster its Hypershield AI-native security architecture, and add to its Duo access-protection software.
- Securyzr™ Intrusion Detection System (IDS)
No portion of this site may be copied, retransmitted, reposted, duplicated or otherwise used without the express written permission of Design And Reuse.
- Cisco-backed startup Corelight raises $150M to expand network security services
Cisco is part of a group that backed security startup Corelight with $150 million in Series E funding this week. Corelight’s latest investment round is led by its first capital investor, Accel, with ...
- Fortifying Cyber Defense With the Power of Linux Intrusion Detection and Prevention Systems
Intrusion Detection and Prevention Systems (IDPS) are security tools designed to detect and respond to unauthorized access attempts or malicious activities within a network or on individual systems.
Go deeper with Google Headlines on:
Network intrusion detection system
[google_news title=”” keyword=”network intrusion detection system” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]
Go deeper with Bing News on:
Intrusion detection
- Intrusion Inc. and TIM Announce Partnership with Orca Cold Chain Solutions to Enhance Supply Chain Security
'We are thrilled to partner with Orca Cold Chain Solutions to bring our cybersecurity expertise to the supply chain industry,' said Tony Scott, CEO of Intrusion. 'Our solutions will help Orca's ...
- Quanergy ushers in new era of 3D LiDAR solutions to achieve projected 300% YoY growth
Quanergy Solutions, Inc., continues to gain momentum since reformulating its business operations to focus exclusively on physical security and business intelligence ...
- AI features boost Cisco’s Panoptica application security software
Cisco pads cloud-native security platform Panoptica with features that help customers protect containerized, microservice applications.
- At RSA, Cisco unveils Splunk integrations, Hypershield upgrades
At RSA Conference 2024, Cisco announced plans to integrate its XDR platform and Splunk’s SIEM, bolster its Hypershield AI-native security architecture, and add to its Duo access-protection software.
- Fortifying Cyber Defense With the Power of Linux Intrusion Detection and Prevention Systems
Intrusion Detection and Prevention Systems (IDPS) are security tools designed to detect and respond to unauthorized access attempts or malicious activities within a network or on individual systems.
Go deeper with Google Headlines on:
Intrusion detection
[google_news title=”” keyword=”intrusion detection” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]
