type: European project - 6th FWP - 027095
description of FastMatch
The aim of this project was to propose a layered, agent-oriented framework to deliver multiple pattern-based and behavior-based scanning, filtering and detection functions at much higher speeds than existing intrusion detection systems achieve. The framework had to be robust, in the sense that it constantly adapts and reacts to changing security threats in the longer term. The proposed framework was divided into three layers: a hardware layer, where some scanning, filtering and detection functions were implemented in FPGAs; a management station layer, where more sophisticated detection algorithms were deployed on PCs to detect known and unknown attacks occurring in one network and to learn the unknown ones; and finally a knowledge layer, where a multi-agent system was proposed to collaboratively detect distributed attacks occurring in distributed networks and to manage incidents occurring in these networks.
Rainbow in FastMatch
Our role in the project was to design the last layer, i.e. the knowledge layer, and to propose a model for automatic generation of worm signatures.
“Collaborative attack detection and incident management in distributed networks”