By Topic

Performance Improvement by Means of Collaboration between Network Intrusion Detection Systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Hanaoka, M. ; Dept. of Inf. & Comput. Sci., Keio Univ., Yokohama ; Kono, K. ; Hirotsu, T.

Because of today's increased traffic volume and sophisticated attacks, implementing a network intrusion detection/prevention system (NIDS/NIPS) with a single workstation has been challenging. In this paper, we propose Brownie, a system for improving performance by means of collaboration between already-existing NIDSs, instead of installing one expensive hardware or parallel NIDS at a network entry point. Our Brownie achieves performance improvement by 1) offloading overloaded NIDS, and 2) eliminating redundant rules. First, a Brownie exchanges NIDSs' load status and transfers some rules from overloaded to light-loaded NIDSs, which prevents the overloaded NIDSs from bottlenecking the network. Second, if some NIDSs in a network path enable the same rules, a Brownie eliminates the redundant rules, which reduces the aggregate overhead of the NIDSs. The experimental results with a university full-packet trace suggest that Brownies successfully offloads overloaded NIDS and eliminates redundant rules.

Published in:

Communication Networks and Services Research Conference, 2009. CNSR '09. Seventh Annual

Date of Conference:

11-13 May 2009