Virtualization in Network Intrusion Detection Systems
This research work has focussed on analysing the efficacy of the virtualization concept for Network Intrusion Detection Systems (NIDS) in the high-speed environment. We have selected an open source NIDS, Snort for evaluation. Snort has been evaluated on virtual systems built on Windows XP SP2, Linux 2.6 and Free BSD 7.1 platforms. Our results have identified a strong performance limitation of NIDS running on virtual platforms. This can be concluded that virtualization is not an ideal solution for NIDS in high-speed environments.
Unable to display preview. Download preview PDF.
- 1.Snort, http://www.Snort.org/
- 2.Baker, A.R., Esler, J.: Snort IDS and IPS Toolkit. Syngress, Canada (2007)Google Scholar
- 3.Akhlaq, M., et al.: Virtualization Efficacy for NIDS in High Speed Environments. In: Information Security and Digital Forensics Conference 2009 to be held in City University London, September 7-8 (in press, 2009)Google Scholar