Title
A dynamic and scalable parallel Network Intrusion Detection System using intelligent rule ordering and Network Function Virtualization
Abstract
A Network Intrusion Detection System (NIDS) is a fundamental security tool. However, under heavy network traffic, a NIDS might become a bottleneck. In an overloaded state, incoming and outgoing packets in the network might suffer from long delays since previous packets are still being inspected, and eventually the NIDS starts to drop packets when it runs out of hardware resources. Although many solutions have been suggested in the literature to counter this problem, they are not completely reliable as each of them has limitations. This paper investigates the design of a lightweight elastic architecture which allows parallel processing in an existing NIDS while maintaining the filtering integrity. Furthermore, we propose two adaptive algorithms which dynamically adjust and divide the signature rules evenly across NIDS nodes using a node level parallelism method in order to achieve intelligent rule ordering. We test our approaches in real-life settings by implementing a functioning prototype involving different modern networking technologies. The prototype presented is a Network Function Virtualization (NFV) of an intrusion detection system which utilizes Open vSwitch and Docker containers running Snort in order to provide an elastic system. To the best of our knowledge, there has been no work that orchestrates both scaling and rule splitting and re-ordering of IDS signatures as a part of a holistic elastic IDS solution.
Year
2021
DOI
10.1016/j.future.2021.05.037
Venue
Future Generation Computer Systems
Keywords
Network Intrusion Detection Systems (NIDS), Elastic architecture, Rule distribution, Network Function Virtualization (NFV)
DocType
Journal
Volume
124
ISSN
0167-739X
Citations
0
PageRank
0.34
References
1
Authors
4
Name | Order | Citations | PageRank
Hårek Haugerud | 1 | 39 | 5.90
Huy Nhut Tran | 2 | 0 | 0.34
Nadjib Aitsaadi | 3 | 0 | 0.34
Anis Yazidi | 4 | 182 | 47.25