TY - GEN
T1 - Network-wide deployment of intrusion detection and prevention systems
AU - Sekar, Vyas
AU - Krishnaswamy, Ravishankar
AU - Gupta, Anupam
AU - Reiter, Michael K.
PY - 2010
Y1 - 2010
N2 - Traditional efforts for scaling network intrusion detection (NIDS) and intrusion prevention systems (NIPS) have largely focused on a single-vantage-point view. In this paper, we explore an alternative design that exploits spatial, network-wide opportunities for distributing NIDS and NIPS functions. For the NIDS case, we design a linear programming formulation to assign detection responsibilities to nodes while ensuring that no node is overloaded. We describe a prototype NIDS implementation adapted from the Bro system to analyze traffic per these assignments, and demonstrate the advantages that this approach achieves. For NIPS, we show how to maximally leverage specialized hardware (e.g., TCAMs) to reduce the footprint of unwanted traffic on the network. Such hardware constraints make the optimization problem NP-hard, and we provide practical approximation algorithms based on randomized rounding.
AB - Traditional efforts for scaling network intrusion detection (NIDS) and intrusion prevention systems (NIPS) have largely focused on a single-vantage-point view. In this paper, we explore an alternative design that exploits spatial, network-wide opportunities for distributing NIDS and NIPS functions. For the NIDS case, we design a linear programming formulation to assign detection responsibilities to nodes while ensuring that no node is overloaded. We describe a prototype NIDS implementation adapted from the Bro system to analyze traffic per these assignments, and demonstrate the advantages that this approach achieves. For NIPS, we show how to maximally leverage specialized hardware (e.g., TCAMs) to reduce the footprint of unwanted traffic on the network. Such hardware constraints make the optimization problem NP-hard, and we provide practical approximation algorithms based on randomized rounding.
KW - intrusion detection
KW - network management
UR - http://www.scopus.com/inward/record.url?scp=79951700744&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79951700744&partnerID=8YFLogxK
U2 - 10.1145/1921168.1921192
DO - 10.1145/1921168.1921192
M3 - Conference contribution
AN - SCOPUS:79951700744
SN - 9781450304481
T3 - Proceedings of the 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT'10
BT - Proceedings of the 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT'10
T2 - 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT'10
Y2 - 30 November 2010 through 3 December 2010
ER -