Load Balancing for High Speed Parallel Network Intrusion Detection

Master's Thesis

Abstract

Network intrusion detection systems (NIDS) are deployed near network gateways to analyze all traffic entering or leaving the network. The traffic at such locations is frequently transmitted in such volumes and speeds that a commodity computer quickly becomes overwhelmed. NIDS must be able to handle all of the traffic available. The SPANIDS platformaddresses this problem with a custom hardware load balancer that spreads traffic over several NIDS sensors. The load balancer ensures that sensors do not become overloaded by shifting traffic between sensors while maintaining network flow continuity when possible. The balancer must be resistant to attacks designed to overwhelm it. This work outlines the design of the SPANIDS load balancer and evaluates its performance using simulation. Several design points are examined, including overload detection, locating overload causes, and several overload avoidance techniques. The simulation results confirm the viability of the SPANIDS architecture for scalable parallel network intrusion detection.

Attributes

Attribute NameValues
URN
  • etd-04122005-140043

Author Kyle Bruce Wheeler
Advisor Doug Thain
Contributor Doug Thain, Committee Member
Contributor Aaron Striegel, Committee Member
Degree Level Master's Thesis
Degree Discipline Computer Science and Engineering
Degree Name MSCSE
Defense Date
  • 2005-03-31

Submission Date 2005-04-12
Country
  • United States of America

Subject
  • FPGA

  • dynamic

  • hash

  • packet loss

  • feedback

Publisher
  • University of Notre Dame

Language
  • English

Record Visibility Public
Content License
  • All rights reserved

Departments and Units

Files

Please Note: You may encounter a delay before a download begins. Large or infrequently accessed files can take several minutes to retrieve from our archival storage system.