Network intrusion detection systems (NIDS) are becoming an increasingly important security measure. With rapidly increasing network speeds, the capacity of the NIDS sensor can limit the ability of the system to detect intrusions. The SPANIDS parallel NIDS architecture overcomes this limitation by distributing network traffic load over an array of sensor nodes. Based on a custom hardware load balancer and cost-effective off-the-shelf sensors, the system employs novel stateless load balancing heuristics to thwart scalability limitations. It also uses dynamic feedback from the sensor nodes to adapt to changes in network traffic. This paper describes the overall system architecture, discusses some of the critical design decisions, and presents experimental results that demonstrate the performance advantage of this approach.