Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
IEEE/ACM Transactions on Networking (TON)
Data networks as cascades: investigating the multifractal nature of Internet WAN traffic
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Difficulties in simulating the internet
IEEE/ACM Transactions on Networking (TON)
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Stateful Intrusion Detection for High-Speed Networks
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
IEEE Security and Privacy
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Denial of service via algorithmic complexity attacks
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Capacity verification for high speed network intrusion detection systems
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Performance adaptation in real-time intrusion detection systems
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Packet trace manipulation framework for test labs
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Protomatching network traffic for high throughput network intrusion detection
Proceedings of the 13th ACM conference on Computer and communications security
Enhancing interoperability and stateful analysis of cooperative network intrusion detection systems
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Hyperion: high volume stream archival for retrospective querying
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Predicting the resource consumption of network intrusion detection systems
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Swift: a fast dynamic packet filter
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Enriching network security analysis with time travel
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
A Survey of the High-Speed Self-learning Intrusion Detection Research Area
AIMS '07 Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management
Distributed Evasive Scan Techniques and Countermeasures
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Conceptual Integration of Flow-Based and Packet-Based Network Intrusion Detection
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
Predicting the Resource Consumption of Network Intrusion Detection Systems
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Traffic Data Preparation for a Hybrid Network IDS
HAIS '08 Proceedings of the 3rd international workshop on Hybrid Artificial Intelligence Systems
Correlation-based load balancing for network intrusion detection and prevention systems
Proceedings of the 4th international conference on Security and privacy in communication networks
Robust network monitoring in the presence of non-cooperative traffic queries
Computer Networks: The International Journal of Computer and Telecommunications Networking
Revealing the Unknown ADSL Traffic Using Statistical Methods
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
OpenLIDS: a lightweight intrusion detection system for wireless mesh networks
Proceedings of the 15th annual international conference on Mobile computing and networking
Proceedings of the Third European Workshop on System Security
On-line predictive load shedding for network monitoring
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Network-wide deployment of intrusion detection and prevention systems
Proceedings of the 6th International Conference
Design and implementation of a fast dynamic packet filter
IEEE/ACM Transactions on Networking (TON)
Detection of unknown DoS attacks by Kolmogorov-complexity fluctuation
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Streams, security and scalability
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Enhancing the accuracy of network-based intrusion detection with host-based context
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Enhancing network intrusion detection with integrated sampling and filtering
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
WIND: workload-aware INtrusion detection
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
MOVICAB-IDS: visual analysis of network traffic data streams for intrusion detection
IDEAL'06 Proceedings of the 7th international conference on Intelligent Data Engineering and Automated Learning
Intrusion Detection: Towards scalable intrusion detection
Network Security
Multi-resource fair queueing for packet processing
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
Tolerating overload attacks against packet capturing systems
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Multi-resource fair queueing for packet processing
ACM SIGCOMM Computer Communication Review - Special October issue SIGCOMM '12
RT-MOVICAB-IDS: Addressing real-time intrusion detection
Future Generation Computer Systems
A lone wolf no more: supporting network intrusion detection with real-time intelligence
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
GPP-Grep: high-speed regular expression processing engine on general purpose processors
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
NSS'12 Proceedings of the 6th international conference on Network and System Security
Re-examining the performance bottleneck in a NIDS with detailed profiling
Journal of Network and Computer Applications
Scap: stream-oriented network traffic capture and analysis for high-speed networks
Proceedings of the 2013 conference on Internet measurement conference
Computer Networks: The International Journal of Computer and Telecommunications Networking
Journal of Network and Computer Applications
In large-scale environments, network intrusion detection systems (NIDSs) face extreme challenges with respect to traffic volume, traffic diversity, and resource management. While crucial for acceptance and operational deployment, the research literature mainly omits such practical difficulties. In this paper, we offer an evaluation based on extensive operational experience. More specifically, we identify and explore key factors with respect to resource management and efficient packet processing and highlight their impact using a set of real-world traces. On the one hand, these insights help us gauge the trade-offs of tuning a NIDS. On the other hand, they motivate us to explore several novel ways of reducing resource requirements. These enable us to improve the state management considerably as well as balance the processing load dynamically. Overall, this enables us to operate a NIDS successfully in our high-volume network environments.