Abstract
The virtualization concept was developed a few decades ago to facilitate the sharing of expensive and robust mainframe hardware among different applications. In the current scenario, virtualization has gone through a conceptual transformation from cost effectiveness to resource sharing. The research community has found virtualization to be reliable, multipurpose and adaptable. This has enabled a single system to dynamically map its resources among multiple instances of operating systems running numerous applications. The concept has been adopted on platforms dealing with network performance, application analysis, system design, network security and storage issues. This research work has focused on analysing the efficacy of the virtualization concept for Network Intrusion Detection Systems (NIDS) in the high-speed environment. We have selected an open source NIDS, Snort, for evaluation. Snort has been evaluated on virtual systems built on Windows XP SP2, Linux 2.6 and Free BSD 7.1 platforms. The test-bench is considered to be extremely sophisticated, ensuring current day network requirements. The evaluation has been targeted at the packet-handling capacity of operating systems/applications (Snort) under different traffic conditions and on similar hardware platforms. Our results have identified a strong performance limitation of NIDS running on virtual platforms. It can be easily ascertained that virtual platforms are not ideal for NIDS in high-speed environments. Finally, the analysis has also identified the factors responsible for the unsatisfactory performance of IDS (Snort) on a virtual platform.
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Cite this paper
Akhlaq, M., Alserhani, F., Awan, I.U., Mellor, J., Cullen, A.J., Mirchandani, P. (2010). Virtualization Efficacy for Network Intrusion Detection Systems in High Speed Environment. In: Weerasinghe, D. (eds) Information Security and Digital Forensics. ISDF 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 41. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11530-1_4
DOI: https://doi.org/10.1007/978-3-642-11530-1_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11529-5
Online ISBN: 978-3-642-11530-1
eBook Packages: Computer Science (R0)