A fuzzy-based dynamic provision approach for virtualized network intrusion detection systems

Authors:
Bo Li;Jianxin Li;Tianyu Wo;Xudong Wu;Junaid Arshad;Wantao Liu
Affiliations:
School of Computer Science and Engineering, Beihang University, Beijing, China;School of Computer Science and Engineering, Beihang University, Beijing, China;School of Computer Science and Engineering, Beihang University, Beijing, China;School of Computer Science and Engineering, Beihang University, Beijing, China;School of Computing, University of Leeds, Leeds, UK;School of Computer Science and Engineering, Beihang University, Beijing, China
Venue:
AST/UCMA/ISA/ACN'10 Proceedings of the 2010 international conference on Advances in computer science and information technology
Year:
2010

Citing 9
Cited 0

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward cost-sensitive modeling for intrusion detection and response

Journal of Computer Security
Stateful Intrusion Detection for High-Speed Networks

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
HyperSpector: virtual distributed monitoring environments for secure intrusion detection

Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Detecting past and present intrusions through vulnerability-specific predicates

Proceedings of the twentieth ACM symposium on Operating systems principles
Foundations of Fuzzy Control

Foundations of Fuzzy Control
Autonomic resource management in virtualized data centers using fuzzy logic-based approaches

Cluster Computing
Predicting the Resource Consumption of Network Intrusion Detection Systems

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Performance adaptation in real-time intrusion detection systems

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the increasing prevalence of virtualization and cloud technologies, virtual security appliances have emerged and become a new way for traditional security appliances to be rapidly distributed and deployed in IT infrastructure. However, virtual security appliances are challenged with achieving optimal performance, as the physical resource is shared by several virtual machines, and this issue is aggravated when virtualizing network intrusion detection systems (NIDS). In this paper, we proposed a novel approach named fuzzyVIDS, which enables dynamic resource provision for NIDS virtual appliance. In fuzzyVIDS, we use fuzzy model to characterize the complex relationship between performance and resource demands and we develop an online fuzzy controller to adaptively control the resource allocation for NIDS under varying network traffic. Our approach has been successfully implemented in the iVIC platform. Finally, we evaluate our approach by comprehensive experiments based on Xen hypervisor and Snort NIDS and the results show that the proposed fuzzy control system can precisely allocate resources for NIDS according to its resource demands, while still satisfying the performance requirements of NIDS.