A Protocol-Language Model for Network Intrusion (Without Deep Packet Inspection)

Modern network intrusion detection systems NIDS are caught in a structural contradiction: the protocols carrying the highest threat intelligence are precisely those encrypted under TLS 1.3 and QUIC, where payload inspection yields nothing. We ask a simpler question -- what if the attack signature...

Data-Plane Telemetry to Mitigate Long-Distance BGP Hijacks

Poor security of Internet routing enables adversaries to divert user data through unintended infrastructures hijack. Of particular concern -- and the focus of this paper -- are cases where attackers reroute domestic traffic through foreign countries, exposing it to surveillance, bypassing legal...

Multi Gigabit Packet Capturing: PFQ

PFQ is a functional networking framework designed for the Linux operating system that allows efficient packets capture/transmission 10G and beyond, in-kernel functional processing and packets steering across sockets/end-points. PFQ is highly optimized for multi-core architecture, as well as for...