
Smart Logic - Preventing Packet Loss in High Speed Network Intrusion Detection Systems

  • Conference paper
Information Security and Digital Forensics (ISDF 2009)

Abstract

Network Intrusion Detection Systems (NIDS) have become an essential part of today's network security infrastructure, yet their performance under modern traffic conditions is limited. Such systems have been observed to struggle with traffic of only a few hundred megabits per second, and packet drop is the main bottleneck. In [1, 2] we identified a strong performance limitation of the open source Intrusion Detection System (IDS) Snort: its throughput was found to depend heavily on the configuration of the host machine, and its behaviour under heavy traffic has opened a debate on how it is implemented and deployed. We have developed the Smart Logic component to reduce the impact of packet drop in a NIDS subjected to heavy traffic volumes. The proposed architecture applies packet capturing at several processing stages shared between the NIDS and the packet handling applications. It regains the lost traffic by comparing the packets the IDS actually analysed against the input stream; the recovered packets are then re-evaluated by a serialized IDS mechanism, so that the packet loss incurred in the routine implementation no longer goes uninspected. The architecture has been implemented and tested on a scalable test bench replicating modern network traffic. The results show a noticeable improvement in the performance of Snort and a significant increase in its detection capacity.
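The comparison step the abstract describes, as an added example (not the paper's own code, which the authors built in C# on Mono): two capture points are assumed, a lossless raw capture of everything on the tap and a log of the frames the IDS actually decoded. The multiset difference is the dropped traffic; it is written to a pcap file so a second IDS instance can replay it offline (for Snort, `snort -r dropped.pcap`). The frame builder, addresses and the five-frame scenario are constructed for the example.

```python
"""Added example: recovering the frames an IDS dropped by comparing its analysed
stream with the raw input stream, then writing them to a pcap for re-evaluation.
Assumed inputs: `input_frames` from a lossless capture stage, `analysed_frames`
exported by logging every packet the IDS decoded. Both are raw Ethernet bytes."""
import hashlib
import socket
import struct
import time
from collections import Counter
from typing import Iterable, List, Optional

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def fingerprint(frame: bytes) -> bytes:
    """Identity of a frame for the comparison: a hash of the full bytes.
    Identical retransmissions compare equal; any payload change is distinct, so a
    dropped packet cannot be made to look 'already analysed' without reproducing
    it byte for byte."""
    return hashlib.sha256(frame).digest()


def find_dropped(input_frames: Iterable[bytes], analysed_frames: Iterable[bytes]) -> List[bytes]:
    """Frames in the input stream that are missing from the analysed stream.
    A Counter (multiset) rather than a set: if three identical retransmissions hit
    the wire and the IDS saw one, two are recovered, not zero. Input order is kept,
    which matters for stream reassembly when the frames are replayed."""
    seen = Counter(fingerprint(f) for f in analysed_frames)
    dropped = []
    for frame in input_frames:
        fp = fingerprint(frame)
        if seen[fp] > 0:
            seen[fp] -= 1          # this copy was analysed; consume it
        else:
            dropped.append(frame)  # never reached the detection engine
    return dropped


def write_pcap(path: str, frames: Iterable[bytes], ts: Optional[float] = None) -> int:
    """Write frames as a classic pcap (Ethernet link type); returns the frame count."""
    ts = time.time() if ts is None else ts
    n = 0
    with open(path, "wb") as fh:
        # global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
        fh.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for frame in frames:
            sec, usec = int(ts), int((ts - int(ts)) * 1_000_000)
            fh.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)))
            fh.write(frame)
            ts += 0.000001         # monotonic timestamps for the replaying IDS
            n += 1
    return n


def _checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum (used for both IP and TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_tcp_frame(src: str, dst: str, sport: int, dport: int, seq: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame with valid checksums, so an IDS that
    verifies checksums on replay (Snort does by default) does not discard it."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    # TCP header: ports, seq, ack, data offset 5 words, flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", _checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    return eth + ip + tcp


def demo(path: str = "dropped.pcap") -> int:
    """Constructed scenario: the tap saw five frames, the IDS logged three of them.
    Returns the number of recovered frames written to `path`."""
    frames = [
        make_tcp_frame("10.0.0.5", "10.0.0.80", 40000, 80, 1000 + i, b"GET /%d HTTP/1.1\r\n\r\n" % i)
        for i in range(4)
    ]
    frames.append(frames[1])                        # retransmission: same bytes twice on the wire
    analysed = [frames[0], frames[1], frames[3]]    # IDS dropped frames[2] and one copy of frames[1]
    return write_pcap(path, find_dropped(frames, analysed))


if __name__ == "__main__":
    print("recovered frames written:", demo())
```

Two practical caveats: the raw capture stage must itself be lossless (a large kernel ring buffer, or a capture path that reports its own drop counter, which should be checked), otherwise the comparison only recovers what the second capturer happened to keep; and if the IDS logs normalized or truncated packets rather than the original frame, the fingerprint has to be computed over the header fields that survive normalization instead of the full bytes.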



References

  1. Alserhani, F., Akhlaq, M., Awan, I., Cullen, A., Mellor, J., Mirchandani, P.: Evaluating Intrusion Detection Systems in High Speed Networks. In: Fifth International Conference on Information Assurance and Security (IAS 2009), Xi'an, August 18-20. IEEE Computer Society (in press, 2009)

  2. Alserhani, F., Akhlaq, M., et al.: Snort Performance Evaluation. In: Proceedings of the Twenty-Fifth UK Performance Engineering Workshop (UKPEW 2009), Leeds, UK, July 6-7 (2009)

  3. Kazienko, P., Dorosz, P.: Intrusion Detection Systems (IDS) Part 2 - Classification; Methods; Techniques (2004)

  4. Tessel, J.D., Young, S., Linder, F.: The Hackers Handbook. Auerbach Publications, New York (2004)

  5. Kruegel, C., Valeur, F., Vigna, G., Kemmerer, R.: Stateful Intrusion Detection for High Speed Networks. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2002, pp. 285-293 (2002)

  6. Foschini, L., Thapliyal, A.V., Cavallaro, L., Kruegel, C., Vigna, G.: A Parallel Architecture for Stateful, High-Speed Intrusion Detection. In: Proceedings of the Fourth International Conference on Information Systems Security (ICISS 2008), Hyderabad, India, pp. 203-220 (2008)

  7. Xinidis, K., Charitakis, I., Antonatos, S., Anagnostakis, K.G., Markatos, E.P.: An Active Splitter Architecture for Intrusion Detection and Prevention. IEEE Transactions on Dependable and Secure Computing 3(1), 31-44 (2006)

  8. RDBMS, http://www.databasedir.com/what-is-rdbms

  9. Snort, http://www.Snort.org

  10. Baker, A.R., Esler, J.: Snort IDS and IPS Toolkit. Syngress, Canada (2007)

  11. SharpPcap, http://www.chrishowie.com/pcap-sharp

  12. C Sharp, http://en.wikipedia.org/wiki/C_Sharp

  13. VB.net, http://vb.net

  14. Boo, http://boo.codehaus.org

  15. Microsoft .NET, http://www.microsoft.com/NET

  16. Mono, http://mono-project.com/Main_Page

  17. VMware Server, http://www.vmware.com/products/server

  18. LAN Traffic V2, http://www.topshareware.com/lan-traffic-v2/downloads/1.html

  19. D-ITG V2.6, http://www.grid.unina.it/Traffic/index.php


Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Subhan, A. et al. (2010). Smart Logic - Preventing Packet Loss in High Speed Network Intrusion Detection Systems. In: Weerasinghe, D. (eds) Information Security and Digital Forensics. ISDF 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 41. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11530-1_7


  • DOI: https://doi.org/10.1007/978-3-642-11530-1_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11529-5

  • Online ISBN: 978-3-642-11530-1

  • eBook Packages: Computer Science (R0)
