Network intrusion detection relies on looking for patterns in large numbers of concurrent sessions. Currently this involves reconstructing all of the flows on a link and using a large collection of regular expressions to hunt for malicious content. In this talk I will look at how processing data out of order can be used to reduce the amount of memory required for reconstructing flows and show that the same techniques can be applied to the processing of large XML data files in parallel.
About the speaker
Peter is a first-year PhD student working in the Circuits and Systems Group in EEE and LSDS in DoC. After completing his master's, he spent 15 months working for BAE Systems Detica looking at high-speed analysis of network traffic.