Sciweavers

CCS
2004
ACM

Operational experiences with high-volume network intrusion detection

13 years 9 months ago
Operational experiences with high-volume network intrusion detection
In large-scale environments, network intrusion detection systems (NIDSs) face extreme challenges with respect to traffic volume, traffic diversity, and resource management. While crucial for acceptance and operational deployment, the research literature mainly omits such practical difficulties. In this paper, we offer an evaluation based on extensive operational experience. More specifically, we identify and explore key factors with respect to resource management and efficient packet processing and highlight their impact using a set of real-world traces. On the one hand, these insights help us gauge the trade-offs of tuning a NIDS. On the other hand, they motivate us to explore several novel ways of reducing resource requirements. These enable us to improve the state management considerably as well as balance the processing load dynamically. Overall this enables us to operate a NIDS successfully in our highvolume network environments. Categories and Subject Descriptors: C.2.3 [Co...
Holger Dreger, Anja Feldmann, Vern Paxson, Robin S
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where CCS
Authors Holger Dreger, Anja Feldmann, Vern Paxson, Robin Sommer
Comments (0)