NYU-Poly Researchers Find a New Way to Intercept Malware, Viruses at Router Level
Imagine scanning a document in search of a specific word or phrase, knowing that missing even a single letter could have disastrous consequences. Now imagine that the document is rescanned a million times every second.
Such is the task facing Internet Service Providers (ISPs) as they employ Deep Packet Inspection (DPI) — a cybersecurity tactic aimed at intercepting malicious traffic and preventing viruses from entering a network. H. Jonathan Chao, who heads the Department of Electrical and Computer Engineering at the Polytechnic Institute of New York University (NYU-Poly), and Industry Assistant Professor N. Sertac Artan have developed and patented a hardware solution to revolutionize this increasingly critical cybersecurity function.
The approach offers considerable security advantages to consumers, explains Chao. "Our invention helps intercept viruses and malware at the earliest possible instance — before they even reach users' computers — keeping networks running and protecting individual users," he said.
Effective DPI examines every packet entering a router switch. Its contents are compared against an ever-growing catalogue of known viruses or attack signatures. With millions of packets arriving each second, the process is often accomplished by a network of processors running parallel searches on portions of data packets — an approach that doesn't scale well to high-speed traffic. Chao and Artan devised a scheme for consolidating the inspection process to a single node, compressing the catalogue of attack signatures to fit on one chip. This allows service providers to streamline their DPI strategy, using fewer resources without compromising efficacy or speed.
With a prototype already developed, Chao and Artan are testing their solution with the goal of licensing the technology.
Chao also notes that as cybersecurity threats become more complex and wide-reaching, the security community has focused on hardware solutions to meet the high-speed detection required of today's enterprise and core networks. Earlier this year, NYU-Poly joined with three other top cybersecurity research institutions and the National Science Foundation to establish Trust Hub, a web-based repository and exchange network for security researchers and practitioners. The site will allow the hardware security community to exchange papers, benchmarks, hardware platforms, source codes and tools.
Over the course of ten months, Chao and his collaborators have obtained a total of nine patents for technologies that increase the efficiency and safety of high-speed networks. His Deep Packet Inspection solution was developed with support from the National Science Foundation and NYU-Poly's Center for Advanced Technology in Telecommunications.