Load Balancing for High-Speed Parallel Network Intrusion
Author
Kyle Bruce Wheeler
Abstract
Network intrusion detection systems (NIDS) are deployed near network gateways to analyze all traffic entering or leaving the network. The traffic at such locations is frequently transmitted in such volumes and speeds that a commodity computer quickly becomes overwhelmed. NIDS must be able to handle all of the traffic available. The SPANIDS platform addresses this problem with a custom hardware load balancer that spreads traffic over several NIDS sensors. The load balancer ensures that sensors do not become overloaded by shifting traffic between sensors while maintaining network flow continuity when possible. The balancer must be resistant to attacks designed to overwhelm it. This work outlines the design of the SPANIDS load balancer and evaluates its performance using simulation. Several design points are examined, including overload detection, locating overload causes, and several overload avoidance techniques. The simulation results confirm the viability of the SPANIDS architecture for scalable parallel network intrusion detection.
Similar resources
A Dynamic Forecast Load-balancing Algorithm for High-speed Network Instruction Detection System
The high-speed data flow network always makes a serious performance bottleneck on intrusion detection system, leading to the detector of parallel intrusion detection system load unevenly. Packets cannot be fast through the detection system, the processing time tends to make the network more congested and packet loss rate surged high. To solve this problem, a dynamic forecast load balancing sche...
An overview to Software Architecture in Intrusion Detection System
Today by growing network systems, security is a key feature of each network infrastructure. Network Intrusion Detection Systems (IDS) provide defense model for all security threats which are harmful to any network. The IDS could detect and block attack-related network traffic. The network control is a complex model. Implementation of an IDS could make delay in the network. Several software-base...
Design and Implementation of a High-Performance Network Intrusion Prevention System
Network intrusion prevention systems provide proactive defense against security threats by detecting and blocking attack-related traffic. This task can be highly complex, and therefore, software-based network intrusion prevention systems have difficulty in handling high speed links. This paper describes the design and implementation of a high-performance network intrusion prevention system that...
A Parallel Architecture for Stateful Intrusion Detection in High Traffic Networks
In a scenario where network bandwidth and traffic are continuously growing, network appliances that have to monitor and analyze all flowing packets are reaching their limits. These issues are critical especially for Network Intrusion Detection Systems (NIDS) that need to trace and reassemble every connection, and to examine every packet flowing on the monitored link(s), to guarantee high securi...
Techniques of Building a Scalable, Efficient Intrusion Monitoring Architecture
To perform effective intrusion analysis in higher bandwidth network, this paper studies the data collecting techniques and proposes a scalable efficient intrusion monitoring architecture (SEIMA) for network intrusion detection system (NIDS). In the architecture of SEIMA, scaling network intrusion detection to high network speeds can be achieved using multiple sensors operating in parallel coupl...