NIDS architecture for clusters

Author

Gadaud, Fabrice

Author_Institution

CEA/DIF

fYear

2005

fDate

20-20 May 2005

Firstpage

78

Lastpage

83

Abstract

Intrusion detection is a security concept implemented on networks in various academic and commercial solutions. Most of them rely on sensors dedicated to local area networks or Internet. However clusters rely heavily on networks. Because of their uniformity, they are sensible to attacks: one compromised node can lead to the control of whole cluster. In order to solve such security issues, we purpose a NIDS architecture which addresses the same constraints as a cluster: efficiency, scalability and reliability. It is based on the cluster paradigm. We stress on the facts that network packets must be dispatched according to streams and analysis must be load-balanced at process level. Moreover two types of practical parallel analysis are presented, depending on the type of flows. Finally, we discuss implementations and dimensioning issues

Keywords

resource allocation; security of data; workstation clusters; NIDS architecture; load-balancing; network cluster; network intrusion detection system; network packet dispatching; parallel analysis; security issues; Bandwidth; Computer architecture; Computer network reliability; Computer networks; Costs; Delay; IP networks; Intrusion detection; Local area networks; Scalability;

fLanguage

English

Publisher

ieee

Conference_Titel

Collaborative Technologies and Systems, 2005. Proceedings of the 2005 International Symposium on

Conference_Location

St Louis, MO

Print_ISBN

0-7695-2387-0

Type

conf

DOI

10.1109/ISCST.2005.1553297

Filename

1553297