Design and analysis of heartbeat protocol in NIDS cluster

Heartbeat mechanism is widely used in designing high availability distributed system, while publish-subscribe architectural style has recently emerged as a promising approach to build a NIDS cluster with high dynamism and plenty of computational resources. In comparison with the requirements of general distributed computing, frontend in NIDS cluster cannot redistribute tasks on nodes failure and parallel stateful intrusion detection additionally requires the integrity of received session packets on analyzers. Therefore, the contradictory requirements of immediate node failure notification and infrequent analyzer status variation should be both considered. In this contribution, we designed one heartbeat protocol with four variations in publish-subscribe framework. By applying probabilistic model checking on the proposed heartbeat protocol, uptime ratio of one node in different variations is computed and compared under different setups. Suggestions on how to choose a suitable heartbeat for a NIDS cluster is described as well.