An Active Traffic Splitter Architecture for Intrusion Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by I. Charitakis Articles by K. Anagnostakis Articles by E. Markatos

11th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems (MASCOTS'03)

Orlando, Florida

October 12-October 15

ISBN: 0-7695-2039-1

	ASCII Text	x
	I. Charitakis, K. Anagnostakis, E. Markatos, "An Active Traffic Splitter Architecture for Intrusion Detection," Modeling, Analysis, and Simulation of Computer Systems, International Symposium on, pp. 238, 11th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems (MASCOTS'03), 2003.

	BibTex	x
	@article{ 10.1109/MASCOT.2003.1240665, author = {I. Charitakis and K. Anagnostakis and E. Markatos}, title = {An Active Traffic Splitter Architecture for Intrusion Detection}, journal ={Modeling, Analysis, and Simulation of Computer Systems, International Symposium on}, volume = {0}, year = {2003}, issn = {1526-7539}, pages = {238}, doi = {http://doi.ieeecomputersociety.org/10.1109/MASCOT.2003.1240665}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Modeling, Analysis, and Simulation of Computer Systems, International Symposium on TI - An Active Traffic Splitter Architecture for Intrusion Detection SN - 1526-7539 SP EP A1 - I. Charitakis, A1 - K. Anagnostakis, A1 - E. Markatos, PY - 2003 KW - null VL - 0 JA - Modeling, Analysis, and Simulation of Computer Systems, International Symposium on ER -

I. Charitakis, Institute of Computer Science

K. Anagnostakis, Distributed Systems Laboratory

E. Markatos, Institute of Computer Science

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MASCOT.2003.1240665

Scaling network intrusion detection to high network speeds can be achieved using multiple sensors operating in parallel coupled with a suitable load balancing traffic splitter. This paper examines a splitter architecture that incorporates two methods for improving system performance: the first is the use of early filtering where a portion of the packets is processed on the splitter instead of the sensors. The second is the use of locality buffering, where the splitter reorders packets in a way that improves memory access locality on the sensors. Our experiments suggest that early filtering reduces the number of packets to be processed by 32%, giving a 8% increase in sensor performance, while locality buffers improve sensor performance by about 10%. Combined together, the two methods result in an overall improvement of 20% while the performance of the slowest sensor is improved by 14%.

Citation:

I. Charitakis, K. Anagnostakis, E. Markatos, "An Active Traffic Splitter Architecture for Intrusion Detection," mascots, pp.238, 11th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems (MASCOTS'03), 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.