Title :
An active traffic splitter architecture for intrusion detection
Author :
Charitakis ; Anagnostakis, K. ; Markatos, E.
Author_Institution :
Found. for Res. & Technol., Inst. of Comput. Sci., Heraklio, Greece
Abstract :
Scaling network intrusion detection to high network speeds can be achieved using multiple sensors operating in parallel coupled with a suitable load balancing traffic splitter. This paper examines a splitter architecture that incorporates two methods for improving system performance. The first is the use of early filtering, where a portion of the packets is processed on the splitter instead of the sensors. The second is the use of locality buffering, where the splitter reorders packets in a way that improves memory access locality on the sensors. Our experiments suggest that early filtering reduces the number of packets to be processed by 32%, giving an 8% increase in sensor performance, while locality buffers improve sensor performance by about 10%. Combined together, the two methods result in an overall improvement of 20% while the performance of the slowest sensor is improved by 14%.
Keywords :
authorisation; resource allocation; sensors; telecommunication security; telecommunication traffic; active traffic splitter architecture; early filtering method; load balancing traffic splitter; locality buffering; memory access improvement; multiple sensor; packet reordering; parallel coupling; scaling network intrusion detection; sensor performance improvement; system performance improvement; Computational Intelligence Society; Computer architecture; Computer science; Filtering; Intrusion detection; Laboratories; Load management; Sensor systems; Telecommunication traffic; Traffic control;
Conference_Title :
Modeling, Analysis and Simulation of Computer Telecommunications Systems, 2003. MASCOTS 2003. 11th IEEE/ACM International Symposium on
Print_ISBN :
0-7695-2039-1
DOI :
10.1109/MASCOT.2003.1240665