Performance improvement by means of collaboration between network intrusion detection systems

Miyuki Hanaoka, Kenji Kono, Toshio Hirotsu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Because of today's increased traffic volume and sophisticated attacks, implementing a network intrusion detection/ prevention system (NIDS/NIPS) with a single workstation has been challenging. In this paper, we propose Brownie, a system for improving performance by means of collaboration between already-existing NIDSs, instead of installing one expensive hardware or parallel NIDS at a network entry point. Our Brownie achieves performance improvement by 1) offloading overloaded NIDS, and 2) eliminating redundant rules. First, a Brownie exchanges NIDSs' load status and transfers some rules from overloaded to light-loaded NIDSs, which prevents the overloaded NIDSs from bottlenecking the network. Second, if some NIDSs in a network path enable the same rules, a Brownie eliminates the redundant rules, which reduces the aggregate overhead of the NIDSs. The experimental results with a university full-packet trace suggest that Brownies successfully offloads overloaded NIDS and eliminates redundant rules.

Original languageEnglish
Title of host publicationProceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009
Pages262-269
Number of pages8
DOIs
Publication statusPublished - 2009 Jul 17
Event7th Annual Communication Networks and Services Research Conference, CNSR 2009 - Moncton, NB, Canada
Duration: 2009 May 112009 May 13

Publication series

NameProceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009

Other

Other7th Annual Communication Networks and Services Research Conference, CNSR 2009
CountryCanada
CityMoncton, NB
Period09/5/1109/5/13

    Fingerprint

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Hanaoka, M., Kono, K., & Hirotsu, T. (2009). Performance improvement by means of collaboration between network intrusion detection systems. In Proceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009 (pp. 262-269). [4939136] (Proceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009). https://doi.org/10.1109/CNSR.2009.48