A new function in the intrusion detection system SNORT makes multipath networks safer
2020-03-25
You have probably noticed that an online video clip playing on your mobile phone is interrupted when you leave your house and the Wi-Fi network. The mobile phone connects to 4G, and the video clip resumes. One advantage of multipath networks, which will be common in the future, is that your mobile phone will switch between different networks without you noticing it. Your connection will be really fast when traffic is distributed across several paths, but at the same time the risk of intrusion increases. Zeeshan Afzal, who recently completed a Degree of Doctor in Computer Science, focused his doctoral studies on the security challenges of multipath networks.
“My research is about the protocol ‘Multipath TCP’, a new network language that our connected devices might use to communicate in the future,” says Zeeshan Afzal. “My focus has been to teach security systems to understand this language, which will enable them to detect security problems such as intrusion attempts.”
Security systems search for signatures
Intrusion attempts can, for instance, be detected through so-called signatures, that is, patterns from previously known intrusions. At present, there are over 30 000 identified signatures. When one of these is detected, the traffic is blocked and the intrusion is averted.
“When all traffic uses one path, signatures are easy to detect. In my research, I have discovered that signatures proliferate as well when traffic is distributed across several paths. This means that they are much more difficult to identify. Through creating new components in SNORT, an open-source-based intrusion detection system, I have provided the system with a new function which enables it to detect parts of signatures and thus ward off intrusion.”
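An added illustration of the problem described above, not code from SNORT or from the thesis: a matcher that inspects each path on its own misses a pattern split across two Multipath TCP subflows, while one that first reorders the segments by MPTCP data sequence number (DSN) finds it. The `Segment` type, the signature string and the capture are constructed for this example, and DSNs are simplified to start at 0.

```python
from dataclasses import dataclass

SIGNATURE = b"EVIL-PATTERN"  # constructed placeholder, not a real SNORT rule


@dataclass(frozen=True)
class Segment:
    subflow: str    # path that carried the segment, e.g. "wifi" or "lte"
    dsn: int        # offset in the connection-level byte stream (simplified: starts at 0)
    payload: bytes


def match_per_subflow(segments, signature=SIGNATURE):
    """Single-path view: rebuild each subflow's bytes separately and search them."""
    streams = {}
    for seg in sorted(segments, key=lambda s: s.dsn):
        streams[seg.subflow] = streams.get(seg.subflow, b"") + seg.payload
    return {name: signature in data for name, data in streams.items()}


def reassemble(segments):
    """Multipath-aware view: merge all subflows by DSN, skipping retransmitted bytes."""
    stream = bytearray()
    for seg in sorted(segments, key=lambda s: s.dsn):
        if seg.dsn > len(stream):
            # Bytes are missing: the sensor did not observe every path.
            raise ValueError(f"gap before DSN {seg.dsn}")
        overlap = len(stream) - seg.dsn
        stream += seg.payload[overlap:]
    return bytes(stream)


def match_reassembled(segments, signature=SIGNATURE):
    return signature in reassemble(segments)


# Constructed capture: one request whose bytes alternate between two paths.
CAPTURE = [
    Segment("wifi", 0, b"GET /?q=EVI"),
    Segment("lte", 11, b"L-PAT"),
    Segment("wifi", 16, b"TERN HTT"),
    Segment("lte", 24, b"P/1.1\r\n"),
    Segment("lte", 11, b"L-PAT"),  # retransmission of an earlier segment
]

if __name__ == "__main__":
    print("per subflow:", match_per_subflow(CAPTURE))
    print("reassembled:", match_reassembled(CAPTURE))
```

The `ValueError` branch covers a sensor that sees only one of the paths: the stream cannot be rebuilt, so the result is reported as incomplete rather than as clean.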
Zeeshan Afzal publicly defended his doctoral thesis on 28 February. His work has been part of the project HITS, High Quality Networked Services in a Mobile World, which aims to contribute to the development of high quality networking services for a mobile world. The research is conducted in close collaboration with industry partners.
You can access the doctoral dissertation Life of a Security Middlebox: Challenges with Emerging Protocols and Technologies here.