Bro-Intelligent Load Balancer Towards Terabit-Scale Cyber-Security
Department of Energy
Small Business Information
Reservoir Labs, Inc.
632 Broadway Suite 803, New York, NY, 10012-2614
Jordi Ros Giralt
Abstract
In an increasingly hostile computing environment, Network Intrusion Detection Systems (NIDS) serve an indispensable role in preserving the integrity of computer networks. This is evident in the DOE's national-level effort to secure a number of strategic network entry points using Bro, a powerful NIDS developed by the networking group at the International Computer Science Institute (ICSI) in Berkeley, California. The current NIDS architecture, however, is being driven to a breaking point by two independent realities: first, as network data rates increase, single-node NIDS boxes are overwhelmed by the amount of computation they must perform to continuously secure the network; second, as attacks become ever more sophisticated, NIDS must incorporate more complex traffic analysis heuristics that further stress the system's processing capacity. To address these trends, ICSI has extended the Bro NIDS with a cluster architecture that allows the logical aggregation of multiple Bro nodes. The cluster architecture provides a way to scale the performance of the NIDS arbitrarily, with the exception of one element: the front-end load balancer. In a cluster solution, the load balancer is the performance bottleneck because it is the only element that must process all the traffic as an indivisible trunk. This proposal argues that, because of the strongly heavy-tailed nature of network traffic (most of the information relevant to traffic analysis resides in a small portion of the total traffic), an optimal design of the load balancer will tend to shift intelligence and Bro-awareness toward the front-end load balancer in order to offload traffic from the back-end nodes. This proposal shows that by doing so, energy consumption in the cluster can be reduced by a factor of 2X to 10X.
This work proposes the implementation of a Bro load balancer with the following two key building blocks. (1) To increase the degree of Bro-intelligence, the presented work proposes to port Bro's dynamic protocol detection (DPD) module to the load balancer. Such intelligence can be used by the load balancer to make optimal traffic forwarding decisions, saving substantial computation and power in the back-end. (2) A control plane protocol is proposed across multiple load balancers to scale the system toward terabit-scale networking; such a protocol allows each load balancer to make local forwarding decisions that are globally optimal.
Commercial Applications and Other Benefits: In the DOE, it is estimated that 60% of networked computers have access to security-related information, and these machines are confronted with hundreds of thousands of attacks per year. More recently, ESnet, the Department of Energy's high-performance networking facility managed by the Lawrence Berkeley National Laboratory, received $62 million to develop what will be the world's fastest computer network. The proposed technology has the potential to reduce the number of back-end nodes in the security clusters of these government-funded networks by a factor of up to 10X, providing reductions in CAPEX and energy costs of up to the same factor. The proposed technology can also be used by private enterprises to protect their networks at rates of 100 Gbps and toward terabit-per-second deployments.
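As an added illustration (not code from Reservoir Labs, ICSI or the Bro project), the following Python model shows the two mechanisms the abstract relies on: flow-sticky hashing so that both directions of a connection always reach the same back-end worker, and a Bro-aware front end that classifies each flow from its first bytes and stops forwarding the tail of bulk flows once they are classified, so the heavy tail never reaches the back-end. The protocol signatures standing in for DPD, the per-protocol byte budgets, the Pareto-distributed synthetic traffic and the addresses are all assumptions constructed for the demonstration; the reduction factor it computes depends on those assumptions and is not the 2X to 10X figure from the proposal.

```python
import hashlib
import random
from collections import Counter

# Constructed, simplified stand-in for Bro's dynamic protocol detection (DPD):
# a few first-bytes signatures. Real DPD is far richer; this is an assumption
# made only to illustrate where the classification happens.
SIGNATURES = {
    b"SSH-": "ssh",
    b"GET ": "http",
    b"POST ": "http",
    b"\x16\x03": "tls",   # TLS record header (handshake, version 3.x)
}

# Hypothetical forwarding policies: bytes of a flow sent to the back-end before
# the balancer stops forwarding that flow. None means "always forward".
NAIVE_POLICY = {"ssh": None, "http": None, "tls": None, "unknown": None}
BRO_AWARE_POLICY = {"ssh": 4096, "http": None, "tls": 8192, "unknown": None}


def detect_protocol(first_payload: bytes) -> str:
    """Classify a flow from the first bytes of its payload (constructed DPD)."""
    for sig, name in SIGNATURES.items():
        if first_payload.startswith(sig):
            return name
    return "unknown"


def flow_key(five_tuple):
    """Direction-independent key so both halves of a connection share state."""
    src_ip, dst_ip, src_port, dst_port, proto = five_tuple
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    lo, hi = (a, b) if a <= b else (b, a)
    return (lo, hi, proto)


def pick_worker(five_tuple, n_workers: int) -> int:
    """Consistent flow-to-worker mapping: every packet of a connection, in either
    direction, reaches the same worker, which stateful analysis requires."""
    key = repr(flow_key(five_tuple)).encode()
    return int(hashlib.sha256(key).hexdigest(), 16) % n_workers


class BroAwareBalancer:
    """Front-end balancer that classifies each flow on its first packet and
    applies a per-protocol forwarding budget (constructed model)."""

    def __init__(self, n_workers: int, policy: dict):
        self.n_workers = n_workers
        self.policy = policy
        self.flows = {}                 # flow_key -> {"worker", "proto", "forwarded"}
        self.worker_bytes = Counter()   # bytes delivered to each back-end worker
        self.dropped_bytes = 0          # bytes the back-end never had to process

    def packet(self, five_tuple, payload: bytes):
        key = flow_key(five_tuple)
        state = self.flows.get(key)
        if state is None:
            state = {"worker": pick_worker(five_tuple, self.n_workers),
                     "proto": detect_protocol(payload), "forwarded": 0}
            self.flows[key] = state
        budget = self.policy[state["proto"]]
        if budget is not None and state["forwarded"] >= budget:
            self.dropped_bytes += len(payload)
            return None                 # flow already classified; offload its tail
        state["forwarded"] += len(payload)
        self.worker_bytes[state["worker"]] += len(payload)
        return state["worker"]


def make_flows(seed: int, n_flows: int):
    """Constructed traffic: Pareto-distributed flow sizes (heavy tail), so a
    small number of flows carry most of the bytes."""
    rng = random.Random(seed)
    first_bytes = [b"SSH-2.0-OpenSSH", b"GET / HTTP/1.1", b"\x16\x03\x01\x00", b"\x00\x01raw"]
    flows = []
    for i in range(n_flows):
        size = int(1500 * rng.paretovariate(1.2))
        five_tuple = (f"10.0.0.{i % 250}", "10.0.1.5", 40000 + i, 443, "tcp")
        flows.append((five_tuple, rng.choice(first_bytes), size))
    return flows


def run(flows, n_workers: int, policy: dict) -> BroAwareBalancer:
    """Packetize each flow into 1460-byte segments and push them through the balancer."""
    lb = BroAwareBalancer(n_workers, policy)
    for five_tuple, first, size in flows:
        sent, payload = 0, first
        while sent < size:
            chunk = min(1460, size - sent)
            lb.packet(five_tuple, (payload + b"\x00" * chunk)[:chunk])
            sent += chunk
            payload = b""               # only the first segment carries the signature
    return lb


def offload_factor(seed: int = 1, n_flows: int = 2000, n_workers: int = 4) -> float:
    """Ratio of back-end bytes under the naive policy to bytes under the Bro-aware one."""
    flows = make_flows(seed, n_flows)
    naive = run(flows, n_workers, NAIVE_POLICY)
    aware = run(flows, n_workers, BRO_AWARE_POLICY)
    return sum(naive.worker_bytes.values()) / sum(aware.worker_bytes.values())


if __name__ == "__main__":
    print(f"back-end load reduction factor: {offload_factor():.2f}x")
```

Running the file prints the ratio of bytes the back-end workers receive without and with the Bro-aware policy for one synthetic trace. The two design points worth noticing are that the per-flow state lives in the front end (it must be direction-independent, hence the normalized key), and that the budget is checked before forwarding, so once a flow has delivered its budget every further segment is shed without touching a worker.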
* Information listed above is as of the time of submission.