Abstract—In a scenario where network bandwidth and traffic are continuously growing, network appliances that have to monitor and analyze all flowing packets are reaching their limits. These issues are critical especially for Network Intrusion Detection Systems (NIDS) that need to trace and reassemble every connection, and to examine every packet flowing on the monitored link(s), to guarantee high security levels. Any NIDS based on a single component cannot scale over certain thresholds, even if it has some parts built in hardware. Hence, parallel architectures appear as the most valuable alternative for the future. In this paper, we propose a parallel NIDS architecture that is able to provide us with fully reliable analysis, high performance and scalability. These properties come together with the low costs and high flexibility that are guaranteed by a total software implementation. The load balancing mechanism of the proposed NIDS distributes the traffic among a configurable number of parallel sensors, so that each of them is reached by a manageable amount of traffic. The parallelism and traffic distribution do not alter the results of the traffic analysis that remains reliable and stateful.

A Parallel Architecture for Stateful Intrusion Detection in High Traffic Networks / Colajanni, Michele; Marchetti, Mirco. - PRINT. - (2006), pp. N/A-N/A. (Paper presented at the IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006), held in Tubingen, Germany, in September 2006).

A Parallel Architecture for Stateful Intrusion Detection in High Traffic Networks

COLAJANNI, Michele;MARCHETTI, Mirco
2006

Use this identifier to cite or link to this document: https://hdl.handle.net/11380/641694