Abstract
Network Intrusion Detection Systems (NIDS) have gained substantial importance in today's network security infrastructure. The performance of these devices under modern traffic conditions is, however, found to be limited: it has been observed that such systems can hardly remain effective at bandwidths of a few hundred megabits per second. Packet drop is considered the major performance bottleneck. We have identified a strong performance limitation of the open source Intrusion Detection System (IDS) Snort in [1, 2]; Snort was found to depend on the host machine configuration, and its response under heavy traffic conditions has opened a debate on its implementation and usage. We have developed the Smart Logic component to reduce the impact of packet drop in NIDS subjected to heavy traffic volume. The proposed architecture utilizes packet capturing techniques applied at various processing stages shared between the NIDS and packet handling applications. It regains the lost traffic by comparing the analysed packets against the input stream using Smart Logic; the recaptured packets are then re-evaluated by a serialized IDS mechanism, reducing the impact of the packet loss incurred in the routine implementation. The designed architecture has been implemented and tested on a scalable and sophisticated test bench replicating modern network traffic. Our effort has shown a noticeable improvement in the performance of Snort and has significantly improved its detection capacity.
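The recapture step described in the abstract, modelled as an added example (not the paper's or Snort's code): packets fingerprinted at the capture stage are compared with those the overloaded IDS actually analysed, and the difference is re-evaluated in a second, serialized pass. The packet record, the fingerprint, the toy content rule and the sample burst are all constructed for this illustration.

```python
import hashlib
from collections import namedtuple

# Minimal packet record (constructed); only the fields the fingerprint needs.
Packet = namedtuple("Packet", "src dst sport dport ip_id payload")

def fingerprint(p):
    # Identity shared by both capture stages: 5-tuple, IP id and payload
    # digest. Constructed for this model; not Snort's internal packet key.
    h = hashlib.sha256(f"{p.src}:{p.sport}>{p.dst}:{p.dport}#{p.ip_id}".encode())
    h.update(p.payload)
    return h.hexdigest()

# Toy content rule standing in for a Snort signature (constructed).
RULES = {b"/etc/passwd": "toy-rule-1"}

def detect(p):
    return [name for pat, name in RULES.items() if pat in p.payload]

def lossy_ids(stream, dropped_idx):
    """Stage-2 view: the IDS under load never sees the packets at dropped_idx."""
    return {fingerprint(p): detect(p) for i, p in enumerate(stream) if i not in dropped_idx}

def smart_logic(stream, analysed):
    """Compare the stage-1 input stream with what the IDS analysed; the
    difference is the lost traffic that must be re-evaluated."""
    return [p for p in stream if fingerprint(p) not in analysed]

def serialized_pass(missed):
    """Second, serialized detection run over the recaptured packets only."""
    return {fingerprint(p): detect(p) for p in missed}

def total_alerts(results):
    return sum(len(alerts) for alerts in results.values())

# Constructed burst of 6 HTTP requests; only packet 3 matches the toy rule.
STREAM = [Packet("10.0.0.5", "10.0.0.80", 40000 + i, 80, 100 + i,
                 b"GET /../../etc/passwd HTTP/1.0" if i == 3 else b"GET /index.html HTTP/1.0")
          for i in range(6)]
DROPPED = {3, 4}  # constructed: a buffer overrun loses packets 3 and 4

def run():
    first = lossy_ids(STREAM, DROPPED)           # routine, lossy IDS pass
    missed = smart_logic(STREAM, first)          # recaptured packets
    second = serialized_pass(missed)             # re-evaluation of the lost traffic
    return len(missed), total_alerts(first), total_alerts(first) + total_alerts(second)

if __name__ == "__main__":
    print(run())  # (2, 0, 1): two recaptured, no alert in pass one, one alert after recapture
```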
References
Alserhani, F., Akhlaq, M., Awan, I., Cullen, A., Mellor, J., Mirchandani, P.: Evaluating Intrusion Detection Systems in High Speed Networks. In: Fifth International Conference on Information Assurance and Security (IAS 2009), Xi'an, China, August 18–20, 2009. IEEE Computer Society (in press, 2009)
Alserhani, F., Akhlaq, M., et al.: Snort Performance Evaluation. In: Proceedings of the Twenty-Fifth UK Performance Engineering Workshop (UKPEW 2009), Leeds, UK, July 6–7 (2009)
Kazienko, P., Dorosz, P.: Intrusion Detection Systems (IDS) Part 2 – Classification; Methods; Techniques (2004)
Tessel, J.D., Young, S., Linder, F.: The Hacker's Handbook. Auerbach Publications, New York (2004)
Kruegel, C., Valeur, F., Vigna, G., Kemmerer, R.: Stateful Intrusion Detection for High Speed Networks. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2002, pp. 285–293 (2002)
Foschini, L., Thapliyal, A.V., Cavallaro, L., Kruegel, C., Vigna, G.: A Parallel Architecture for Stateful, High-Speed Intrusion Detection. In: Proceedings of the Fourth International Conference on Information Systems Security, Hyderabad, India, pp. 203–220 (2008)
Xinidis, K., Charitakis, I., Antonatos, S., Anagnostakis, K.G., Markatos, E.P.: An Active Splitter Architecture for Intrusion Detection and Prevention. IEEE Trans. Dependable Secure Comput. 3(1), 31–44 (2006)
Snort, http://www.Snort.org
Baker, A.R., Esler, J.: Snort IDS and IPS Toolkit. Syngress, Canada (2007)
SharpPcap, http://www.chrishowie.com/pcap-sharp
C Sharp, http://en.wikipedia.org/wiki/C_Sharp
VB.net, http://vb.net
Microsoft.Net, http://www.microsoft.com/NET
VMware Server, http://www.vmware.com/products/server
LAN Traffic V 2, http://www.topshareware.com/lan-traffic-v2/downloads/1.html
D-ITG V 2.6, http://www.grid.unina.it/Traffic/index.php
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Cite this paper
Subhan, A. et al. (2010). Smart Logic - Preventing Packet Loss in High Speed Network Intrusion Detection Systems. In: Weerasinghe, D. (eds) Information Security and Digital Forensics. ISDF 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 41. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11530-1_7
DOI: https://doi.org/10.1007/978-3-642-11530-1_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11529-5
Online ISBN: 978-3-642-11530-1
eBook Packages: Computer Science (R0)