High Speed NIDS using Dynamic Cluster and Comparator Logic


Bibliographic Details
Published in: 2010 10th IEEE International Conference on Computer and Information Technology, pp. 575-581
Main Authors: Akhlaq, M; Alserhani, F; Subhan, A; Awan, I U; Mellor, J; Mirchandani, P
Format: Conference Proceeding
Language: English
Published: IEEE, 01.06.2010

Summary: Cluster technology has witnessed a tremendous inception in the computing world. The technique integrates standard computing resources to generate more processing power and other hardware strengths. The collection of interconnected stand-alone computers ensures high availability, increased throughput, scalability and improved performance. We have developed a dynamic cluster-based approach for high-speed Network Intrusion Detection Systems (NIDS) using refined policy-based routing. The front end of the cluster is the load balancer, which distributes the traffic among cluster nodes according to a predefined policy. Our proposed logic ensures maximum utilization of cluster resources by exchanging state information, sharing load, reducing data loss and performing a recovery evaluation procedure to maximize overall efficiency. Our rule-based load-balancing technique, which uses switchovers to prevent system overloading, has shown quality results. We have further integrated the concept of Comparator Logic to recover the traffic lost during switchovers and similar events. The retrieved data is re-evaluated by a recovery NIDS, thus maximizing system efficiency. Snort, an open-source NIDS, has been used on account of being the de facto IDS standard. Finally, our results ratify the adoption of a cluster-based approach in a NIDS environment using commodity hardware. We have validated the concept by analyzing performance under different traffic conditions, packet sizes, configurations and bandwidths. Our results showed a significant improvement of the system in terms of packet handling/analyzing capacity and can be considered a good contribution to the cluster-based adoption of NIDS.
ISBN: 1424475473, 9781424475476
DOI: 10.1109/CIT.2010.120