Analyzing network traffic for security purposes is difficult due to the real-time requirement, constantly increasing bandwidth usage, and the complexity of network protocols and applications. Since performance is imperative in this domain, existing approaches tend to rely on specialized, inflexible hardware and/or software techniques. As a consequence, such approaches are often ill-equipped to deal with fast-evolving network protocols and applications. In this talk I will discuss various techniques to achieve traffic analysis that is both performant and flexible, suggesting that posing strict computational constraints in the name of higher throughput is largely unnecessary. In the first part of my talk I will describe a novel and general concurrent software architecture for intrusion detection, which allows operators to transparently parallelize complex algorithms in this domain. In the second part of my talk, I will discuss the complementary problem of efficiently and automatically generating detection procedures for network threats, so that traffic analysis tools can detect malicious activity on the wire in a timely manner.