TY - GEN
T1 - Performance improvement by means of collaboration between network intrusion detection systems
AU - Hanaoka, Miyuki
AU - Kono, Kenji
AU - Hirotsu, Toshio
N1 - Copyright:
Copyright 2009 Elsevier B.V., All rights reserved.
PY - 2009
Y1 - 2009
N2 - Because of today's increased traffic volume and sophisticated attacks, implementing a network intrusion detection/ prevention system (NIDS/NIPS) with a single workstation has been challenging. In this paper, we propose Brownie, a system for improving performance by means of collaboration between already-existing NIDSs, instead of installing one expensive hardware or parallel NIDS at a network entry point. Our Brownie achieves performance improvement by 1) offloading overloaded NIDS, and 2) eliminating redundant rules. First, a Brownie exchanges NIDSs' load status and transfers some rules from overloaded to light-loaded NIDSs, which prevents the overloaded NIDSs from bottlenecking the network. Second, if some NIDSs in a network path enable the same rules, a Brownie eliminates the redundant rules, which reduces the aggregate overhead of the NIDSs. The experimental results with a university full-packet trace suggest that Brownies successfully offloads overloaded NIDS and eliminates redundant rules.
AB - Because of today's increased traffic volume and sophisticated attacks, implementing a network intrusion detection/ prevention system (NIDS/NIPS) with a single workstation has been challenging. In this paper, we propose Brownie, a system for improving performance by means of collaboration between already-existing NIDSs, instead of installing one expensive hardware or parallel NIDS at a network entry point. Our Brownie achieves performance improvement by 1) offloading overloaded NIDS, and 2) eliminating redundant rules. First, a Brownie exchanges NIDSs' load status and transfers some rules from overloaded to light-loaded NIDSs, which prevents the overloaded NIDSs from bottlenecking the network. Second, if some NIDSs in a network path enable the same rules, a Brownie eliminates the redundant rules, which reduces the aggregate overhead of the NIDSs. The experimental results with a university full-packet trace suggest that Brownies successfully offloads overloaded NIDS and eliminates redundant rules.
UR - http://www.scopus.com/inward/record.url?scp=67650308449&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67650308449&partnerID=8YFLogxK
U2 - 10.1109/CNSR.2009.48
DO - 10.1109/CNSR.2009.48
M3 - Conference contribution
AN - SCOPUS:67650308449
SN - 9780769536491
T3 - Proceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009
SP - 262
EP - 269
BT - Proceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009
T2 - 7th Annual Communication Networks and Services Research Conference, CNSR 2009
Y2 - 11 May 2009 through 13 May 2009
ER -