Network-wide deployment of intrusion detection and prevention systems

Vyas Sekar, Ravishankar Krishnaswamy, Anupam Gupta, Michael K. Reiter

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

Abstract

Traditional efforts for scaling network intrusion detection systems (NIDS) and intrusion prevention systems (NIPS) have largely focused on a single-vantage-point view. In this paper, we explore an alternative design that exploits spatial, network-wide opportunities for distributing NIDS and NIPS functions. For the NIDS case, we design a linear programming formulation to assign detection responsibilities to nodes while ensuring that no node is overloaded. We describe a prototype NIDS implementation, adapted from the Bro system, that analyzes traffic according to these assignments, and we demonstrate the advantages this approach achieves. For NIPS, we show how to maximally leverage specialized hardware (e.g., TCAMs) to reduce the footprint of unwanted traffic on the network. Such hardware constraints make the optimization problem NP-hard, and we provide practical approximation algorithms based on randomized rounding.

Original language: English (US)
Title of host publication: Proceedings of the 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT'10
DOIs
State: Published - 2010
Event: 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT'10 - Philadelphia, PA, United States
Duration: Nov 30 2010 to Dec 3 2010

Publication series

Name: Proceedings of the 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT'10

Conference

Conference: 6th International Conference on Emerging Networking Experiments and Technologies, Co-NEXT'10
Country/Territory: United States
City: Philadelphia, PA
Period: 11/30/10 to 12/3/10

Keywords

  • intrusion detection
  • network management

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
