Network-wide deployment of intrusion detection and prevention systems
Proceedings of the 6th International Conference
As traffic volumes and the types of analysis grow, network intrusion detection systems (NIDS) face a continuous scaling challenge. Management realities, however, typically limit NIDS hardware upgrades to once every 3-5 years. Given that traffic patterns can change dramatically, this leaves a significant scaling challenge in the interim. This motivates the need for practical solutions that can help administrators better utilize and augment their existing NIDS infrastructure. To this end, we design a general architecture for network-wide NIDS deployment that leverages three scaling opportunities: on-path distribution to split responsibilities, replicating traffic to NIDS clusters, and aggregating intermediate results to split expensive NIDS processing. The challenge here is to balance both the compute load across the network and the total communication cost incurred via replication and aggregation. We implement a backwards-compatible mechanism to enable existing NIDS infrastructure to leverage these benefits. Using emulated and trace-driven evaluations on several real-world network topologies, we show that our proposal can substantially reduce the maximum computation load, provide better resilience under traffic variability, and offer improved detection coverage.
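The abstract describes two of its scaling opportunities in terms a small model can make concrete: on-path distribution (splitting a path's analysis work across the NIDS nodes that traffic already traverses) and replication to an off-path cluster (which lowers the maximum per-node load but costs bandwidth). The following is an added example, not code from the paper, and it does not reproduce the paper's own optimization formulation: it uses a simple greedy water-filling heuristic over a constructed four-router topology (`PATHS`, hop counts and the load cap are all made-up values) to show how the two mechanisms trade maximum compute load against replication cost.

```python
from collections import defaultdict

# Constructed example topology: each path lists the NIDS-capable routers the
# traffic traverses (ingress first) and its volume in arbitrary units of
# NIDS work per second. These values are illustrative, not from the paper.
PATHS = {
    "p1": (["A", "B", "C"], 10.0),
    "p2": (["A", "B"], 8.0),
    "p3": (["C", "D"], 6.0),
    "p4": (["B", "D"], 4.0),
}


def ingress_only(paths):
    """Baseline deployment: all analysis for a path runs on its ingress node."""
    load = defaultdict(float)
    for nodes, volume in paths.values():
        load[nodes[0]] += volume
    return dict(load)


def on_path_distribution(paths, quantum=0.5):
    """On-path distribution via greedy water-filling.

    Each path's volume is split into quanta; every quantum goes to the
    currently least-loaded node on that path, so responsibility for a path is
    shared across the routers it already traverses (no extra traffic is sent).
    Returns (per-node load, per-path assignment).
    """
    load = defaultdict(float)
    assignment = defaultdict(lambda: defaultdict(float))
    # Largest paths first, as in most greedy load-balancing heuristics.
    for pid, (nodes, volume) in sorted(paths.items(), key=lambda kv: -kv[1][1]):
        remaining = volume
        while remaining > 1e-9:
            q = min(quantum, remaining)
            target = min(nodes, key=lambda n: load[n])  # ties: first on path
            load[target] += q
            assignment[pid][target] += q
            remaining -= q
    return dict(load), {p: dict(a) for p, a in assignment.items()}


def replicate_to_cluster(load, cluster, hops_to_cluster, max_load):
    """Replication: offload any work above max_load from a node to an
    off-path NIDS cluster. Replicating traffic costs bandwidth, modelled here
    as (offloaded volume x hop count to the cluster).
    Returns (new per-node load including the cluster, total replication cost).
    """
    load = dict(load)
    cluster_load = 0.0
    comm_cost = 0.0
    for node in sorted(load):
        excess = load[node] - max_load
        if excess > 0:
            load[node] -= excess
            cluster_load += excess
            comm_cost += excess * hops_to_cluster[node]
    load[cluster] = cluster_load
    return load, comm_cost


if __name__ == "__main__":
    base = ingress_only(PATHS)
    print("ingress-only max load:", max(base.values()), base)
    spread, plan = on_path_distribution(PATHS)
    print("on-path max load:", max(spread.values()), spread)
    print("assignment:", plan)
    # Constructed hop counts from each router to the cluster "X".
    hops = {"A": 1, "B": 2, "C": 1, "D": 2}
    capped, cost = replicate_to_cluster(spread, "X", hops, max_load=6.0)
    print("with replication, max load:", max(capped.values()),
          "replication cost:", cost, capped)
```

On this toy input the ingress-only deployment puts 18 units on router A, on-path distribution brings the maximum down to 8 without moving any packets, and capping every router at 6 units pushes 5.5 units to the cluster at a replication cost of 9.5; raising or lowering `max_load` is exactly the compute-versus-communication trade-off the abstract refers to.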