Correlation-based load balancing for network intrusion detection and prevention systems

Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08

Volumn , Issue , 2008, Pages

  Le, Anh ^a   Boutaba, Raouf ^a   Al Shaer, Ehab ^b  

^a UNIVERSITY OF WATERLOO   (Canada)

^b DEPAUL UNIVERSITY   (United States)

Author keywords

Intrusion detection; Intrusion prevention; Load balancing

Indexed keywords

DDOS ATTACK; DETECTION ACCURACY; DISTRIBUTED DENIAL OF SERVICE ATTACK; ENTERPRISE NETWORKS; EVALUATION RESULTS; HIGH QUALITY; INFORMATION LOSS; INTRUSION PREVENTION; LOAD BALANCING; LOAD BALANCING PROBLEM; LOAD DISTRIBUTIONS; MULTIPLE NETWORKS; NETWORK INTRUSION DETECTION; OPTIMIZATION PROBLEMS; PORT SCANS;

BALANCING; INTERNET; LOSS PREVENTION; OPTIMIZATION; QUALITY OF SERVICE;

INTRUSION DETECTION;

EID: 70249096351     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1460877.1460880     Document Type: Conference Paper

References (28)

1. C. Aggarwal, J. Han, J. Wang, and P. S. Yu. A framework for clustering evolving data streams. In Proc. of the 29th VLDB, volume 29, pages 81-92, 2003.
2. M. Andreolini, S. Casolari, M. Colajanni, and M. Marchetti. Dynamic load balancing for network intrusion detection systems based on distributed architectures. In NCA '07: Proceedings of the Sixth IEEE Symposium on Network Computing and Applications, pages 153-160, July 2007.
3. B. Caswell, J. Beale, and A. Baker. Snort IDS and IPS Toolkit. Syngress, Mar. 2007.
4. Cisco NIPS, http://tinyurl.com/2nbxbx.
5. E. Cooke, F. Jahanian, and D. Mcpherson. The zombie roundup: Understanding, detecting, and disrupting botnets. In Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), pages 39-44, June 2005.
6. H. Dreger, A. Feldmann, V. Paxson, and R. Sommer. Operational experiences with high-volume network intrusion detection. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 2-11, New York, NY, USA, 2004. ACM.
7. J. M. Gonzalez, V. Paxson, and N. Weaver. Shunting: a hardware/software architecture for flexible, high-performance network intrusion prevention. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 139-149, New York, NY, USA, 2007. ACM.
8. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. In SP '04: Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 211-225, May 2004.
9. L. Kaufman and P. Rousseeuw. Finding Groups in Data. An Introduction to Cluster Analysis. Wiley, Mar. 1990.
10. C. Kruegel, F. Valeur, G. Vigna, and R. Kemmerer. Stateful intrusion detection for high-speed networks. In Proc. of the IEEE SSP'02, pages 285-293, 2002.
11. Libpcap, http://www.tcpdump.org/.
12. R. Lippmann, D. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster, D. Wyschogrod, R. Cunningham, and M. Zissman. Evaluating intrusion detection systems: the 1998 darpa off-line intrusion detection evaluation. In DISCEX '00: Proceedings of DARPA Information Survivability Conference and Exposition, 2000, pages 12-26, 2000.
13. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. Analysis and results of the 1999 darpa off-line intrusion detection evaluation. In Recent Advances in Intrusion Detection, pages 162-182, 2000.
14. J. McHugh. Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Transactions on Information and System Security, 3(4):262-294, 2000.
15. J. Mirkovic and P. Reiher. A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2):39-53, Apr. 2004.
16. Network Mapper, http://insecure.org/nmap/.
17. Network traces, http://pma.nlanr.net/Special/auck8.html.
18. NIST/SEMATECH e-Handbook of Statistical Methods, http://tinyurl.com/ 645fex.
19. V. Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks (Amsterdam, Netherlands: 1999), 31(23-24):2435-2463, 1999.
20. T. Peng, C. Leckie, and R. Kotagiri. Proactively detecting distributed denial of service attacks using source ip address monitoring. In Proc. of the Third International IFIP-TC6 Networking Conference, pages 771-782, 2004.
21. M. Roesch. Snort - lightweight intrusion detection for networks. In LISA '99: Proceedings of the 13th USENIX conference on System administration, pages 229-238, Berkeley, CA, USA, 1999. USENIX Association.
22. L. Schaelicke, K. Wheeler, and C. Freeland. SPANIDS: A scalable network intrusion detection loadbalancer. In Proc. of the 2nd conference on Computing Frontiers, pages 315-322, 2005.
23. Statistics of the trace captured from 12:00 to 13:00, 12/02/2003, http://tinyurl.com/59yj46.
24. Tcpreplay, http://tcpreplay.synfin.net/trac/.
25. M. Vallentin, R. Sommer, J. Lee, C. Leres, V. Paxson, and B. Tierney. The NIDS cluster: Scalable, stateful network intrusion detection on commodity hardware. In Proc. of the Symp. on RAID'07, Queensland, Australia, Sept. 2007.
26. N. Weaver, V. Paxson, S. Staniford, and R. Cunningham. A taxonomy of computer worms. In WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcode, pages 11-18, New York, NY, USA, 2003. ACM.
27. P. Wheeler and E. Fulp. Taxonomy of parallel techniques for intrusion detection. In Proc. of ACM 45th Southeast Regional Conference, pages 278-282, 2007.
28. K. Xinidis, I. Charitakis, S. Antonatos, K. G. Anagnostakis, and E. P. Markatos. An active splitter architecture for intrusion detection and prevention. IEEE Transactions on Dependable and Secure Computing, 3(1):31-44, Mar. 2006.