An active traffic splitter architecture for intrusion detection

Authors: I. Charitakis, K. Anagnostakis, E. Markatos

DOI: 10.1109/MASCOT.2003.1240665

Abstract: Scaling network intrusion detection to high speeds can be achieved using multiple sensors operating in parallel, coupled with a suitable load balancing traffic splitter. This paper examines a splitter architecture that incorporates two methods for improving system performance. The first is the use of early filtering, where a portion of the packets is processed on the splitter instead of the sensors. The second is locality buffering, where the splitter reorders packets in a way that improves memory access on the sensors. Our experiments suggest that early filtering reduces the number of packets to be processed by 32%, giving an 8% increase in sensor performance, while locality buffers improve sensor performance by about 10%. Combined together, the two methods result in an overall improvement of 20%, while the performance of the slowest sensor is improved by 14%.

References (14)
Andreas Herkersdorf, Gero Dittmann, Network Processor Load Balancing for High-Speed Links (2000)
K. G. Anagnostakis, S. Antonatos, E. P. Markatos, M. Polychronakis, E²xB: A Domain-Specific String Matching Algorithm for Intrusion Detection. Information Security Conference, pp. 217-228 (2003), 10.1007/978-0-387-35691-4_19
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks. USENIX Large Installation Systems Administration Conference, pp. 229-238 (1999)
Pankaj Gupta, Nick McKeown, Packet classification on multiple fields. ACM Special Interest Group on Data Communication, vol. 29, pp. 147-160 (1999), 10.1145/316188.316217
C. Partridge, P.P. Carvey, E. Burgess, I. Castineyra, T. Clarke, L. Graham, M. Hathaway, P. Herman, A. King, S. Kohalmi, T. Ma, J. Mcallen, T. Mendez, W.C. Milliken, R. Pettyjohn, J. Rokosz, J. Seeger, M. Sollins, S. Storch, B. Tober, G.D. Troxel, D. Waitzman, S. Winterble, A 50-Gb/s IP router. IEEE/ACM Transactions on Networking, vol. 6, pp. 237-248 (1998), 10.1109/90.700888
T. V. Lakshman, D. Stiliadis, High-speed policy-based packet forwarding using efficient multi-dimensional range matching. ACM Special Interest Group on Data Communication, vol. 28, pp. 203-214 (1998), 10.1145/285237.285283
K.W. Ross, Hash routing for collections of shared Web caches. IEEE Network, vol. 11, pp. 37-44 (1997), 10.1109/65.642358
L. Kencl, J.-Y. Le Boudec, Adaptive load sharing for network processors. International Conference on Computer Communications, vol. 2, pp. 545-554 (2002), 10.1109/INFCOM.2002.1019299
C. Kruegel, F. Valeur, G. Vigna, R. Kemmerer, Stateful intrusion detection for high-speed networks. IEEE Symposium on Security and Privacy, pp. 285-293 (2002), 10.1109/SECPRI.2002.1004378
E.P. Markatos, D.N. Pnevmatikatos, M.D. Flouris, M.G.H. Katevenis, Web-conscious storage management for Web proxies. IEEE/ACM Transactions on Networking, vol. 10, pp. 735-748 (2002), 10.1109/TNET.2002.804836