APHID: Anomaly Processor in Hardware for Intrusion Detection

Abstract

The Anomaly Processor in Hardware for Intrusion Detection (APHID) is a step forward in the field of co-processing intrusion detection mechanisms. By using small, fast hardware primitives, APHID relieves the production CPU from the burden of security processing. These primitives are tightly coupled to the CPU, giving them access to critical state information such as the current instruction(s) in execution, the next instruction, registers, and processor state information. By monitoring these hardware elements, APHID is able to determine when an anomalous action occurs within one clock cycle. Upon detection, APHID can force the processor into a corrective state, or a halted state, depending on the required response. APHID primitives also harden the production system against attacks such as Distributed Denial of Service attacks and buffer overflow attacks. APHID is designed to be fast and agile, with the ability to create multiple monitors that switch in and out of monitoring with the context switches of the production processor to provide highly focused coverage over multiple devices and sections of code.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2007
Accession Number
ADA469491

Entities

People

  • Samuel A. Hart

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Detection
  • Detectors
  • Information Systems
  • Instruction Set Architecture
  • Intrusion Detection
  • Intrusion Detectors
  • Kernels (Operating System)
  • Network Protocols
  • Operating Systems
  • Reliability
  • Transport Protocols
  • Warning Systems

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Parallel and Distributed Computing
  • Statistical inference