SPANIDS

Lambert Schaelicke, Kyle Wheeler, Curt Freeland
2005 Proceedings of the 2nd conference on Computing frontiers - CF '05  
Network intrusion detection systems (NIDS) are becoming an increasingly important security measure. With rapidly increasing network speeds, the capacity of the NIDS sensor can limit the ability of the system to detect intrusions. The SPANIDS parallel NIDS architecture overcomes this limitation by distributing network traffic load over an array of sensor nodes. Based on a custom hardware load balancer and cost-effective off-the-shelf sensors, the system employs novel stateless load balancing heuristics to thwart scalability limitations. It also uses dynamic feedback from the sensor nodes to adapt to changes in network traffic. This paper describes the overall system architecture, discusses some of the critical design decisions and presents experimental results that demonstrate the performance advantage of this approach.
doi:10.1145/1062261.1062314 dblp:conf/cf/SchaelickeWF05 fatcat:xner754wsjcynncabyrov2rfdq