Performance improvement by means of collaboration between network intrusion detection systems

Miyuki Hanaoka, Kenji Kono, Toshio Hirotsu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Because of today's increased traffic volume and sophisticated attacks, implementing a network intrusion detection/prevention system (NIDS/NIPS) with a single workstation has been challenging. In this paper, we propose Brownie, a system for improving performance by means of collaboration between already-existing NIDSs, instead of installing one expensive hardware or parallel NIDS at a network entry point. Our Brownie achieves performance improvement by 1) offloading overloaded NIDSs, and 2) eliminating redundant rules. First, a Brownie exchanges NIDSs' load status and transfers some rules from overloaded to lightly loaded NIDSs, which prevents the overloaded NIDSs from bottlenecking the network. Second, if some NIDSs in a network path enable the same rules, a Brownie eliminates the redundant rules, which reduces the aggregate overhead of the NIDSs. The experimental results with a university full-packet trace suggest that Brownies successfully offload overloaded NIDSs and eliminate redundant rules.

Original language: English
Title of host publication: Proceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009
Pages: 262-269
Number of pages: 8
DOIs: https://doi.org/10.1109/CNSR.2009.48
Publication status: Published - 2009
Externally published: Yes
Event: 7th Annual Communication Networks and Services Research Conference, CNSR 2009 - Moncton, NB, Canada
Duration: 2009 May 11 to 2009 May 13

Other

Other: 7th Annual Communication Networks and Services Research Conference, CNSR 2009
Country: Canada
City: Moncton, NB
Period: 09/5/11 to 09/5/13

Fingerprint

Intrusion detection
Hardware

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Hanaoka, M., Kono, K., & Hirotsu, T. (2009). Performance improvement by means of collaboration between network intrusion detection systems. In Proceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009 (pp. 262-269). [4939136] https://doi.org/10.1109/CNSR.2009.48

@inproceedings{8e3037fe67e94eb5a77fcf9e0fd54049,
title = "Performance improvement by means of collaboration between network intrusion detection systems",
author = "Miyuki Hanaoka and Kenji Kono and Toshio Hirotsu",
year = "2009",
doi = "10.1109/CNSR.2009.48",
language = "English",
isbn = "9780769536491",
pages = "262--269",
booktitle = "Proceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009",

}

TY - GEN

T1 - Performance improvement by means of collaboration between network intrusion detection systems

AU - Hanaoka, Miyuki

AU - Kono, Kenji

AU - Hirotsu, Toshio

PY - 2009

Y1 - 2009

UR - http://www.scopus.com/inward/record.url?scp=67650308449&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67650308449&partnerID=8YFLogxK

U2 - 10.1109/CNSR.2009.48

DO - 10.1109/CNSR.2009.48

M3 - Conference contribution

AN - SCOPUS:67650308449

SN - 9780769536491

SP - 262

EP - 269

BT - Proceedings of the 7th Annual Communication Networks and Services Research Conference, CNSR 2009

ER -