Lucas Vespa
Southern Illinois University Carbondale
Publication
Featured research published by Lucas Vespa.
Journal of Network and Computer Applications | 2011
Ning Weng; I-Hung Li; Lucas Vespa
High information quality is a paramount requirement for wireless sensor network (WSN) monitoring applications. However, it is challenging to achieve a cost effective information quality solution due to unpredictable environment noise and events, unreliable wireless channel and network bandwidth, and sensor resource and energy constraints. Specifically, the dynamic and unreliable nature of WSNs makes it difficult to pre-determine optimum sensor rates and predict packet loss. To address this problem, we present an information quality metric which characterizes information quality based on the sampling frequency of sensor nodes and the packet loss rate during network transmission. Our fundamental quality metric is based on signal-to-noise ratio and is therefore application independent. Based on our metric, a quality-aware scheduling system (QSS) is developed, which exploits cross-layer control of sensor nodes to effectively schedule data sensing and forwarding. Particularly, we develop and evaluate several QSS scheduling mechanisms: passive, reactive and perceptive. These mechanisms can adapt to environment noise, bandwidth variation and wireless channel collisions by dynamically controlling sensor rates and phase. Our experimental results indicate that our QSS is a novel and effective approach to improve information quality for WSNs.
The Computer Journal | 2011
Lucas Vespa; Ning Weng; Ramaswamy Ramaswamy
As network speeds continue to increase, so does the need for scalable pattern matching for deep packet scanning applications such as signature-based network intrusion detection. Multiple-stride deterministic finite automata (DFA) increase the performance of pattern matching, because they allow multiple bytes of a packet to be scanned simultaneously. However, traditional multiple-stride DFA either rely on specific hardware for parallel comparison or have huge memory requirements due to state explosion. In this paper, we present a high throughput, multiple-stride pattern-matching architecture that requires a small storage cost and no specific hardware. The basic idea is to group DFA states/transitions into three coarse-grained and variable-size blocks, so that each individual block can employ different-specific methods to optimize storage requirements and performance. The blocks are naturally identified based on basic observations of DFA characteristics: prefix, linear trie and state dependencies. The performance evaluation is done using the Snort pattern sets. We show that multi-byte striding DFA achieves multi Gb/s pure content inspection in software, while utilizing <3 bytes per pattern character.
Security and Communication Networks | 2011
Benfano Soewito; Lucas Vespa; Ning Weng; Haibo Wang
Intrusion Detection Systems (IDSs) rely on pattern matching to detect and thwart a network attack by comparing packets with a database of known attack patterns. The key requirements of trusted intrusion detection are accurate pattern matching, adaptive, and reliable reconfiguration for new patterns. To address these requirements, this paper presents a trusted intrusion detection by utilizing hybrid pattern matching engines: FPGA-based and multicore-based pattern matching engine. To achieve synchronization of these two pattern matching engines, methodologies including multi-threading DFA and clustered state coding have been developed. These hybrid pattern matching engines increase the reliability and trustworthiness of intrusion detection systems.
application specific systems architectures and processors | 2009
Lucas Vespa; Mini Mathew; Ning Weng
Signature-based network intrusion detection requires fast and reconfigurable pattern matching for deep packet inspection. In our previous work we address this problem with a hardware based pattern matching engine that utilizes a novel state encoding scheme to allow memory efficient use of Deterministic Finite Automata. In this work we expand on these concepts to create a completely software based system, P3FSM, which combines the properties of hardware based systems with the portability and programmability of software. Specifically we introduce two methods, Character Aware and SDFA, for encoding predictive state codes which can forecast the next states of our FSM. The result is software based pattern matching which is fast, reconfigurable, memory-efficient and portable.
ACM Transactions on Architecture and Code Optimization | 2011
Lucas Vespa; Ning Weng
Memory-based Deterministic Finite Automata (DFA) are ideal for pattern matching in network intrusion detection systems due to their deterministic performance and ease of update of new patterns, however severe DFA memory requirements make it impractical to implement thousands of patterns. This article aims to understand the basic relationship between DFA characteristics and memory requirements, and to design a practical memory-based pattern matching engine. We present a methodology that consists of theoretical DFA characterization, encoding optimization, and implementation architecture. Results show the validity of the characterization metrics, effectiveness of the encoding techniques, and efficiency of the memory-based pattern engines.
local computer networks | 2010
Lucas Vespa; Ning Weng
Quality of service in sensor networks is a difficult problem due to unpredictable environment noise, unreliable network communication and varying requirements for wide varieties of applications. In this paper, we present fundamental quality of information metrics using signal-to-noise ratio. These metrics address information quality under varying sensing environments, noise and network bandwidth, and are completely application independent. We use these metrics to develop a quality-aware scheduling system (QSS) which exploits cross-layer control of sensors to effectively schedule data sensing and forwarding. Particularly, we develop and evaluate several QSS scheduling mechanisms: passive, reactive and perceptive. These mechanisms can adapt to environment noise and bandwidth variation by dynamically changing sensor rates. Our results indicate that our QSS is a novel and effective approach to improve the QoS for sensor networks.
ieee region 10 conference | 2008
Benfano Soewito; Lucas Vespa; Ning Weng
One way to facilitate private communication is to transform information using encryption. However, encryption algorithms are computation-intensive and power-hungry operations for portable devices, which have computing resource limits and energy constraints. Choosing a suitable encryption-decryption algorithm to implement in portable devices is an important decision that needs to be made in order to secure the exchange of sensitive information without over utilizing the power source, processor and memory in mobile devices. This paper provides a methodology to comprehensively evaluate encryption/decryption algorithms for portable devices based on energy, delay, and footprint. Our result is based on four cutting edge algorithms: RC6, Serpent, Mars, and Twofish, and can help to analyze the power and resource overhead of encryption/decryption, as well as other applications running on mobile devices.
Microprocessors and Microsystems | 2009
Lucas Vespa; Ning Weng; Benfano Soewito
One of the most promising techniques to detect and thwart a network attack in a network intrusion detection system is to compare each incoming packet with pre-defined attack patterns. This comparison can be performed by a pattern matching engine which has several key requirements including scalability to line rates of network traffic and easy updating of new attack patterns. Memory-based deterministic finite automata meet these requirements, however their storage requirement will grow exponentially with the number of patterns which makes it impractical for implementation. In this paper, we propose a customized memory-based pattern matching engine, whose storage requirement linearly increases with the number of patterns. The basic idea is to allocate one memory slot for each state instead of each edge of the deterministic finite automaton. To demonstrate this idea, we have developed two customized memory decoders. We evaluate them by comparing with a traditional approach in terms of programmability and resource requirements. We also examine their effectiveness for different optimized deterministic finite automata. Experimental results are presented to demonstrate the validity of our proposed approach.
international conference on information and communication security | 2009
Lucas Vespa; Mini Mathew; Ning Weng
Signature-based network intrusion detection requires fast and reconfigurable pattern matching for deep packet inspection. This paper presents a novel pattern matching engine, which exploits a memory-based programmable state machine to achieve deterministic processing rates that are independent of packet and pattern characteristics. Our engine is a portable predictive pattern matching finite state machine (P3FSM), which combines the properties of hardware-based systems with the portability and programmability of software. Specifically we introduce two methods, “Character Aware” and “SDFA”, for encoding predictive state codes which can forecast the next states of our FSM. The result is software based pattern matching which is fast, reconfigurable, memory-efficient and portable.
international conference on information and communication security | 2009
Lucas Vespa; Ning Weng
In the midst of vastly numbered and quickly growing internet security threats, Network Intrusion Detection System (NIDS) becomes more important to network security every day. Vital to effective NIDS is a multi-pattern matching engine which requires deterministic performance and adaptability to new threats. Memory-based Deterministic Finite Automata (DFA) are ideal for pattern matching but have severe memory requirements that make them difficult to implement. Many previous heuristic techniques have been proposed to reduce memory requirements, however in this paper, we aim to effectively understand the basic relationship between DFA characteristics and memory, in order to create minimal memory DFA implementations. We show what DFA characteristics either cause or reduce memory requirements, as well as how to optimize DFA to exploit those characteristics. Specifically, we introduce the concepts of State Independence and State Irregularity, which are DFA characteristics that can reduce memory waste and allow for memory reuse. Furthermore, we introduce DFA normalization which optimizes DFA to fully exploit these characteristics. Altogether this work serves as a source for how to extract and utilize DFA characteristics to create minimal memory implementations.