Performing network security applications such as malware detection, rule-based network intrusion detection, and covert channel detection at very high network line rates (10 Gbps now and soon scaling up to 40 to 100 Gbps) is critical to safeguarding enterprise networks. In this research project, we are investigating the applicability of MPPA (Massively Parallel Processing Array) architectures to scale packet processing and analysis tasks to meet the security challenges presented by next generation high-speed networks. Building upon our preliminary work, we are investigating parallel implementations of algorithms that are required in many different network security applications. These include 1) the K-means clustering algorithm used in traffic classification, 2) the entropy computation algorithm used in anomaly detection, 3) pattern matching used in rule-based network intrusion detection, and 4) encryption and decryption acceleration engines. We are investigate how these algorithms can be parallelized in a MPPA architecture with a large number of processors with limited memory and how the programmable processor interconnect can be leveraged to optimize the parallel implementation of algorithms. We are pursuing an experimental approach by building a testbed system to support both network traffic based and trace driven analyses. Through our research we expect to quantify the ability of MPPA architectures to scale data intensive computations for higher and higher line rates. The parallel algorithms and the implementation of the network security applications will be made available to other researchers. It is expected that graduate and undergraduate students involved in this project will obtain training in areas intersecting computer networks security, signal processing, and parallel processing.
