NSF awards $3 million to improve intrusion detection framework

The National Science Foundation has awarded a grant of almost $3 million to the International Computer Science Institute (ICSI) and the National Center for Supercomputing Applications (NCSA) to improve a widely used open-source program for detecting security intrusions. The three-year project is led by Robin Sommer and Vern Paxson at ICSI and Adam Slagell at NCSA.

The Bro intrusion detection framework monitors network traffic for suspicious activity and unauthorized deviations from established security policies. It was originally developed in 1996 by Paxson, who continues to lead the project jointly with Sommer. Unlike other intrusion detection systems, the core of the Bro system is not tied to any particular detection approach; instead it provides a flexible platform for performing complex analysis tasks. While the system is widely used by universities, research labs, supercomputing centers, and science communities, Bro is still primarily a research platform and requires a high level of expertise from users to deploy it effectively.

This project will improve Bro by:

  1. providing extensive documentation and support;
  2. unifying and modernizing the Bro code base;
  3. improving Bro's processing performance to the degree required for operation in current and future large-scale scientific environments;
  4. adding new data analysis functionality in the form of a highly interactive graphical user interface and a transparent database interface.

"The goal is to achieve better security and stability for NSF resources protected by Bro," said Slagell. "Also, we are building the user community to address software sustainability issues. We want to make it easy for users to contribute and to provide a central place for that."

"This project gives us the opportunity to specifically address feedback we've gotten from Bro users and to really focus on the end-user perspective," said Sommer. "We'll be able to refine many of the rough edges the system has accumulated over time."

NCSA has used Bro for almost 10 years and plans to employ Bro to monitor the Blue Waters sustained-petaflop supercomputer. Blue Waters will employ more than 300,000 compute cores and hundreds of gigabits of network infrastructure, and this project is critical to scaling Bro to meet the challenge of monitoring such a large system.