Homestead, Utah May 9, 2001
NIWSensor: Network Indications & Warnings
Vic Hogsett, NIS-9: vic@lanl.gov, PI, (505)667.7185
Scott Briles, NIS-3: briles@lanl.gov, DSP R&D
Dan Neagley, NIS-3: neagley@lanl.gov, FPGA R&D
Keith Lindsay, NIS-9: klindsay@lanl.gov, Concept
Parallel work
Maya Gokhale, NIS-3: maya@lanl.gov
Ron Minich, CCS-1: rminnich@lanl.gov
Konstantin N Borozdin: kbor@lanl.gov
Cyber-Security Challenge: Bandwidth demands outpace software security solutions
• 50 (maybe 60) Mbit/sec protectable now
• Los Alamos enterprise: 100 Mbit/s
• 50-60 hackers @ the moat @ any given time
• Bandwidth, bandwidth, bandwidth: 10 GB-100 GB/sec demands here in a blink
Solution: board-level integration of
• Rules based
  • Accept best software solution and convert to specialized processor (NFR Security CRADA)
• Anomaly detection
  • Los Alamos effort to discover network “character” and measure deviations
• Assisted learning
  • Discover miscreant packet signatures on the fly (Dartmouth & Drexel)
…by dedicating an industry, academic, government and National Labs team to build a platform and evolving distributed sensor system able to detect, report, and adapt to threats to a large high-performance computer network and the information that it holds.
NIWSensor’s Goals
• High-speed, real-time network traffic detection and reporting to analysis centers with single-point administration
• Scalable, user-configurable network interface/processing unit
• Software-driven hardware development
• Highly expandable parallel processing
• Non-standard (i.e. hack-resistant) OS
Technical Features
• An array of mission-specific sensors built on advancing Los Alamos computational algorithms;
• Performance on a 10 Gb/sec Class B network backbone and its sub-components;
• Real-time/logged detection, reporting & response;
• Adaptable to evolving needs, such as encryption;
• Extensible;
Walk first
• 1 Gbit/sec rules implementation within a year would devote about 3 people full-time
• Two ways to go
  • Highly proprietary industry fledgling (0.8 Gbit/s): Boeing
  • Highly addressable government solution (1 Gbit/s): DARPA/SLAAC
• Parallel assisted learning/anomaly detection research underway
• Very soon after to 2.4 Gbit/s
Who Cares? Everybody!!
• DOD, DOE
• Nuclear weapons R&D, production facilities
• Energy mix distribution
• DTRA
• US industry
• DOD forensics
Who’s on board?
• NFR Security (CRADA: May 21)
• Dartmouth College/DOJ (Funds In for AI)
• DOE (On life support)
• Drexel U. developing AI-based management system
• Several other corporations tentative