Abstract
Today, as the scale of network grows up, a standalone NIDS with only one intrusion detection node is not enough to inspect all traffic. One of the most widely considered solutions to address this problem is to configure parallel NIDS in which multiple intrusion detection nodes work together. A load balancing mechanism enables this configuration by distributing traffic load to several nodes. In the frequently changing environment of today’s network, it is an important issue for load balancing mechanism to distributing traffic equally to each node. Meanwhile, several studies have been made on the load balancing scheme, but they do not satisfy the requirements of load balancing for parallel NIDS. Thus we proposed HLPN (Hash-based Load balancing scheme suitable for Parallel NIDS) which satisfies these requirements. As a result of the performance evaluation, HLPN represented 58% better performance in terms of the fairness of the traffic distribution than static hash-based scheme, and gave almost equal, or rather better, performance to that of DHFV.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Schaelicke, L., Wheeler, K., Freeland, C.: SPANIDS: a Scalable Network Intrusion Detecion Loadbalancer. In: 2nd Conference on Computing Frontiers, pp. 315–322. ACM, New York (2005)
Jo, J.-Y., Kim, Y.-H., Chao, H.J., Merat, F.: Internet Traffic Load Balancing using Dynamic Hashing with Flow Volume. In: Proceeding of SPIE ITCom, Boston, vol. 4865, pp. 154–165 (2002)
Williamson, C.: Internet Traffic Measurement. IEEE Internet Computing 5, 70–74 (2001)
Dittmann, G., Herkersdorf, A.: Network Processor Load Balancing for High-Speed Links. In: SPECTS 2002, San Diego, pp. 727–735 (2002)
Vallentin, M., Sommer, R., Lee, J., Leres, C., Paxson, V., Tierney, B.: The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 107–126. Springer, Heidelberg (2007)
Vigna, G., Kemmerer, R.: NetSTAT: A Network-based Intrusion Detection System. Journal of Computer Security 7, IOS Press
Porras, P., Neumann, P.: EMERALD: Event Monitoring Enabled Response to Anomalous ive Disturbances. In: Proceeding of the 20th National Information Systems Security Conference, pp. 353–365 (1997)
Blanc, M., Oudot, L., Glaume, V.: Global Intrusion Detection: Prelude Hybrid IDS. Technical report (2003)
Cao, Z., Wang, Z., Zegura, E.W.: Performance of Hashing-based Schemes for Internet Load Balancing. In: IEEE INFOCOM 2000, Israel, vol. 1, pp. 332–341 (2000)
Martin, R., Menth, M., Hemmkeppler, M.: Accuracy and Dynamics of Hash-based Load Balancing Algorithms for Multipath Internet Routing. In: IEEE International Conference on Broadband Communication, Networks and Systems (BROADNETS), San Jose (2006)
Shi, W., MacGregor, M.H., Gburzynski, P.: Load Balancing for Parallel Forwarding. IEEE/ACM Transactions on Networking (TON) 13, 790–801 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, NU., Jung, SM., Chung, TM. (2011). An Efficient Hash-Based Load Balancing Scheme to Support Parallel NIDS. In: Murgante, B., Gervasi, O., Iglesias, A., Taniar, D., Apduhan, B.O. (eds) Computational Science and Its Applications - ICCSA 2011. ICCSA 2011. Lecture Notes in Computer Science, vol 6782. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21928-3_39
Download citation
DOI: https://doi.org/10.1007/978-3-642-21928-3_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21927-6
Online ISBN: 978-3-642-21928-3
eBook Packages: Computer ScienceComputer Science (R0)