Abstract
The processing speed of network-based intrusion detection systems (NIDSs) is still low compared with the speed of networks. As a result, few NIDSs are applicable in a high-speed network. A parallel NIDS for high-speed networks is presented in this paper. By dividing the overall traffic into small slices, several sensors can analyze the traffic concurrently and significantly increase the processing speed. For most attacks, our partition algorithm ensures that a single slice contains all the evidence necessary to detect a specific attack, making sensor-to-sensor interaction unnecessary. Meanwhile, by making use of the characteristics of the network traffic, the algorithm can also dynamically balance all sensors’ loads. To keep the system as simple as possible, a specific sensor is used to detect scan and DoS attacks. Although only one sensor is used for these kinds of attacks, we argue that our system can still provide high processing capability.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lai, H., Cai, S., Huang, H., Xie, J., Li, H. (2004). A Parallel Intrusion Detection System for High-Speed Networks. In: Jakobsson, M., Yung, M., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2004. Lecture Notes in Computer Science, vol 3089. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24852-1_32
DOI: https://doi.org/10.1007/978-3-540-24852-1_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22217-0
Online ISBN: 978-3-540-24852-1
eBook Packages: Springer Book Archive