Saving energy in aggressive intrusion detection through dynamic latency sensitivity recognition

In an always connected world, cyber-attacks and computer security breaches can produce significant financial damages as well as introduce new risks and menaces in everyday's life. As a consequence, more and more sophisticated packet screening/filtering solutions are deployed everywhere, typically on network border devices, in order to sanitize Internet traffic. Despite the obvious benefits associated to the proactive detection of security threats, these devices, by performing deep packet inspection and inline analysis, may both affect latency-sensitive traffic introducing non-negligible delays, and increase the energy demand at the network element level. Starting from these considerations, we present a selective routing and intrusion detection technique based on dynamic statistical analysis. Our technique separates latency-sensitive traffic from latency-insensitive one and adaptively organizes the intrusion detection activities over multiple nodes. This allows suppressing directly at the network ingress, when possible, all the undesired components of latency-insensitive traffic and distributing on the innermost nodes the security check for latency sensitive flows, prioritizing routing activities over security scanning ones. Our final goal is demonstrating that selective intrusion detection can result in significant energy savings without adversely affecting latency-sensitive traffic by introducing unacceptable processing delays.