An Efficient Hash-Based Load Balancing Scheme to Support Parallel NIDS

  • Nam-Uk Kim
  • Sung-Min Jung
  • Tai-Myoung Chung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6782)


Today, as the scale of network grows up, a standalone NIDS with only one intrusion detection node is not enough to inspect all traffic. One of the most widely considered solutions to address this problem is to configure parallel NIDS in which multiple intrusion detection nodes work together. A load balancing mechanism enables this configuration by distributing traffic load to several nodes. In the frequently changing environment of today’s network, it is an important issue for load balancing mechanism to distributing traffic equally to each node. Meanwhile, several studies have been made on the load balancing scheme, but they do not satisfy the requirements of load balancing for parallel NIDS. Thus we proposed HLPN (Hash-based Load balancing scheme suitable for Parallel NIDS) which satisfies these requirements. As a result of the performance evaluation, HLPN represented 58% better performance in terms of the fairness of the traffic distribution than static hash-based scheme, and gave almost equal, or rather better, performance to that of DHFV.


NIDS Load Balancing Hash-based Load balancing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Schaelicke, L., Wheeler, K., Freeland, C.: SPANIDS: a Scalable Network Intrusion Detecion Loadbalancer. In: 2nd Conference on Computing Frontiers, pp. 315–322. ACM, New York (2005)Google Scholar
  2. 2.
    Jo, J.-Y., Kim, Y.-H., Chao, H.J., Merat, F.: Internet Traffic Load Balancing using Dynamic Hashing with Flow Volume. In: Proceeding of SPIE ITCom, Boston, vol. 4865, pp. 154–165 (2002)Google Scholar
  3. 3.
    Williamson, C.: Internet Traffic Measurement. IEEE Internet Computing 5, 70–74 (2001)CrossRefGoogle Scholar
  4. 4.
    Dittmann, G., Herkersdorf, A.: Network Processor Load Balancing for High-Speed Links. In: SPECTS 2002, San Diego, pp. 727–735 (2002)Google Scholar
  5. 5.
    Vallentin, M., Sommer, R., Lee, J., Leres, C., Paxson, V., Tierney, B.: The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 107–126. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Vigna, G., Kemmerer, R.: NetSTAT: A Network-based Intrusion Detection System. Journal of Computer Security 7, IOS PressGoogle Scholar
  7. 7.
    Porras, P., Neumann, P.: EMERALD: Event Monitoring Enabled Response to Anomalous ive Disturbances. In: Proceeding of the 20th National Information Systems Security Conference, pp. 353–365 (1997)Google Scholar
  8. 8.
    Blanc, M., Oudot, L., Glaume, V.: Global Intrusion Detection: Prelude Hybrid IDS. Technical report (2003)Google Scholar
  9. 9.
    Cao, Z., Wang, Z., Zegura, E.W.: Performance of Hashing-based Schemes for Internet Load Balancing. In: IEEE INFOCOM 2000, Israel, vol. 1, pp. 332–341 (2000)Google Scholar
  10. 10.
    Martin, R., Menth, M., Hemmkeppler, M.: Accuracy and Dynamics of Hash-based Load Balancing Algorithms for Multipath Internet Routing. In: IEEE International Conference on Broadband Communication, Networks and Systems (BROADNETS), San Jose (2006)Google Scholar
  11. 11.
    Shi, W., MacGregor, M.H., Gburzynski, P.: Load Balancing for Parallel Forwarding. IEEE/ACM Transactions on Networking (TON) 13, 790–801 (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Nam-Uk Kim
    • 1
  • Sung-Min Jung
    • 1
  • Tai-Myoung Chung
    • 1
  1. 1.Internet Management Technology Laboratory, Department of Computer EngineeringSchool of Information and Communication Engineering, Sungkyunkwan UniversitySuwon-si, Gyeonggi-doRepublic of Korea

Personalised recommendations