The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware

  • Matthias Vallentin
  • Robin Sommer
  • Jason Lee
  • Craig Leres
  • Vern Paxson
  • Brian Tierney
Conference paper

DOI: 10.1007/978-3-540-74320-0_6

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4637)
Cite this paper as:
Vallentin M., Sommer R., Lee J., Leres C., Paxson V., Tierney B. (2007) The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware. In: Kruegel C., Lippmann R., Clark A. (eds) Recent Advances in Intrusion Detection. RAID 2007. Lecture Notes in Computer Science, vol 4637. Springer, Berlin, Heidelberg

Abstract

In this work we present a NIDS cluster as a scalable solution for realizing high-performance, stateful network intrusion detection on commodity hardware. The design addresses three challenges: (i) distributing traffic evenly across an extensible set of analysis nodes in a fashion that minimizes the communication required for coordination; (ii) adapting the NIDS’s operation to support coordinating its low-level analysis rather than just aggregating alerts; and (iii) validating that the cluster produces sound results. Prototypes of our NIDS cluster now operate at the Lawrence Berkeley National Laboratory and the University of California at Berkeley. In both environments the clusters greatly enhance the power of network security monitoring.
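As an added illustration of challenge (i) above (this is not code from the paper or its authors), the following shows a direction-independent hash over the address pair that sends every packet of a connection, in both directions, to the same analysis node, so per-connection state stays local and nodes need not coordinate. The node count, the choice of SHA-256, hashing on the address pair rather than the full 5-tuple, and the sample flows are all assumptions made here.

```python
import hashlib
import ipaddress
from collections import Counter

def flow_key(src_ip: str, dst_ip: str) -> bytes:
    """Direction-independent key: sort the address pair so that a packet
    A->B and its reply B->A produce identical bytes."""
    a, b = sorted(ipaddress.ip_address(ip) for ip in (src_ip, dst_ip))
    return a.packed + b.packed

def node_for_packet(src_ip: str, dst_ip: str, n_nodes: int) -> int:
    """Pick the analysis node for one packet. Hashing only the address pair
    (an assumed design choice, not necessarily the paper's exact scheme)
    keeps all connections between two hosts on one node, so that node can
    track connection state without talking to the others."""
    if n_nodes < 1:
        raise ValueError("need at least one analysis node")
    digest = hashlib.sha256(flow_key(src_ip, dst_ip)).digest()
    return int.from_bytes(digest[:8], "big") % n_nodes

def distribute(packets, n_nodes: int) -> Counter:
    """Count how many packets each node receives; packets is an iterable
    of (src_ip, dst_ip) tuples."""
    return Counter(node_for_packet(s, d, n_nodes) for s, d in packets)

def constructed_traffic(n_flows: int = 4000):
    """Constructed sample: n_flows distinct client/server pairs, each seen
    in both directions, as a bidirectional capture would show them."""
    packets = []
    for i in range(n_flows):
        client = str(ipaddress.ip_address(0x0A000000 + i))       # 10.x.x.x
        server = str(ipaddress.ip_address(0xC0A80000 + i % 64))  # 192.168.0.x
        packets.append((client, server))
        packets.append((server, client))
    return packets

def max_min_ratio(counts: Counter, n_nodes: int) -> float:
    """Spread check: 1.0 is perfectly even; a node that saw nothing counts as 0."""
    per_node = [counts.get(n, 0) for n in range(n_nodes)]
    return max(per_node) / max(min(per_node), 1)

if __name__ == "__main__":
    counts = distribute(constructed_traffic(), n_nodes=4)
    print(sorted(counts.items()), "spread ratio %.2f" % max_min_ratio(counts, 4))
```

Adding a node only changes the modulus, so the scheme extends without any inter-node state exchange; the trade-off is that a rebalancing moves existing connections, which is the kind of soundness question challenge (iii) refers to.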


Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Matthias Vallentin: TU München
  • Robin Sommer: Lawrence Berkeley National Laboratory; International Computer Science Institute
  • Jason Lee: Lawrence Berkeley National Laboratory
  • Craig Leres: Lawrence Berkeley National Laboratory
  • Vern Paxson: International Computer Science Institute; Lawrence Berkeley National Laboratory
  • Brian Tierney: Lawrence Berkeley National Laboratory
