In previous work we have built a NIDS cluster as a scalable solution for realizing high-performance, stateful network intrusion detection on commodity hardware. Prototypes of our cluster, consisting of up to 10 PCs, are already operating at two major network sites. In this work we gauge the scalability of our approach on the DETER testbed to identify potential performance bottlenecks when using a larger number of nodes. Due to privacy concerns we can only use synthetic traffic for our evaluation, and we therefore start by building a new load-balancer element which can replicate small packet traces by several orders of magnitude. We then use this element to generate, from traffic captured on a single workstation, a network load suitable for stress-testing the NIDS cluster. While this approach cannot take into account many characteristics of site-specific live traffic, it still allows us to perform a first assessment of the cluster's underlying scalability hypothesis.