
Virtualization in Network Intrusion Detection Systems

  • Monis Akhlaq
  • Faeiz Alserhani
  • Irfan U. Awan
  • Andrea J. Cullen
  • John Mellor
  • Pravin Mirchandani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5872)

Abstract

This research work has focussed on analysing the efficacy of the virtualization concept for Network Intrusion Detection Systems (NIDS) in high-speed environments. We selected an open source NIDS, Snort, for evaluation. Snort was evaluated on virtual systems built on Windows XP SP2, Linux 2.6 and FreeBSD 7.1 platforms. Our results have identified a strong performance limitation of NIDS running on virtual platforms. It can be concluded that virtualization is not an ideal solution for NIDS in high-speed environments.



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Monis Akhlaq (1)
  • Faeiz Alserhani (1)
  • Irfan U. Awan (1)
  • Andrea J. Cullen (1)
  • John Mellor (1)
  • Pravin Mirchandani (2)

  1. Informatics Research Institute, University of Bradford, Bradford, United Kingdom
  2. Syphan Technologies
