Skip to Main Content
As the band of networks increases, the process speed of network-based intrusion detection system (NIDS) hardly keeps up with the speed of networks. By arranging several sensors to deal with the traffic in parallel, the intrusion detection system's speed can be significantly increased. How to split the traffic to the sensors is the key problem of a parallel intrusion detection system. To resolve the problems, load balance has to be concerned. There is an emerging need for parallel intrusion detection techniques that can keep up with the increasing network throughput. A novel algorithm of load balance in the parallel IDS (intrusion detection system) was proposed to improve detection ability of parallel IDS. The algorithm was adopted to hash the network packet header information in data packet, to map the corresponding packet to the scope of the sensors' number, and to adjust the scope according to the performance and load of each sensor. Theoretic analysis and experimental results demonstrate that the algorithm can dispatch data packets reasonably and utilize all the sensors' sources effectively.