An Efficient Hash-Based Load Balancing Scheme to Support Parallel NIDS
Today, as the scale of network grows up, a standalone NIDS with only one intrusion detection node is not enough to inspect all traffic. One of the most widely considered solutions to address this problem is to configure parallel NIDS in which multiple intrusion detection nodes work together. A load balancing mechanism enables this configuration by distributing traffic load to several nodes. In the frequently changing environment of today’s network, it is an important issue for load balancing mechanism to distributing traffic equally to each node. Meanwhile, several studies have been made on the load balancing scheme, but they do not satisfy the requirements of load balancing for parallel NIDS. Thus we proposed HLPN (Hash-based Load balancing scheme suitable for Parallel NIDS) which satisfies these requirements. As a result of the performance evaluation, HLPN represented 58% better performance in terms of the fairness of the traffic distribution than static hash-based scheme, and gave almost equal, or rather better, performance to that of DHFV.
KeywordsNIDS Load Balancing Hash-based Load balancing
Unable to display preview. Download preview PDF.
- 1.Schaelicke, L., Wheeler, K., Freeland, C.: SPANIDS: a Scalable Network Intrusion Detecion Loadbalancer. In: 2nd Conference on Computing Frontiers, pp. 315–322. ACM, New York (2005)Google Scholar
- 2.Jo, J.-Y., Kim, Y.-H., Chao, H.J., Merat, F.: Internet Traffic Load Balancing using Dynamic Hashing with Flow Volume. In: Proceeding of SPIE ITCom, Boston, vol. 4865, pp. 154–165 (2002)Google Scholar
- 4.Dittmann, G., Herkersdorf, A.: Network Processor Load Balancing for High-Speed Links. In: SPECTS 2002, San Diego, pp. 727–735 (2002)Google Scholar
- 6.Vigna, G., Kemmerer, R.: NetSTAT: A Network-based Intrusion Detection System. Journal of Computer Security 7, IOS PressGoogle Scholar
- 7.Porras, P., Neumann, P.: EMERALD: Event Monitoring Enabled Response to Anomalous ive Disturbances. In: Proceeding of the 20th National Information Systems Security Conference, pp. 353–365 (1997)Google Scholar
- 8.Blanc, M., Oudot, L., Glaume, V.: Global Intrusion Detection: Prelude Hybrid IDS. Technical report (2003)Google Scholar
- 9.Cao, Z., Wang, Z., Zegura, E.W.: Performance of Hashing-based Schemes for Internet Load Balancing. In: IEEE INFOCOM 2000, Israel, vol. 1, pp. 332–341 (2000)Google Scholar
- 10.Martin, R., Menth, M., Hemmkeppler, M.: Accuracy and Dynamics of Hash-based Load Balancing Algorithms for Multipath Internet Routing. In: IEEE International Conference on Broadband Communication, Networks and Systems (BROADNETS), San Jose (2006)Google Scholar