Skip to main content
SpringerLink
Log in

Parallel Optimization Technology for Backbone Network Intrusion Detection System

  • Conference paper
Computational Intelligence and Security (CIS 2005)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3802))

Included in the following conference series:

  • 887 Accesses

Abstract

Network intrusion detection system (NIDS) is an active field of research. With the rapidly increasing network speed, the capability of the NIDS sensors limits the ability of the system. The problem is more serious for the backbone network intrusion detection system (BNIDS). In this paper, we apply parallel optimization technologies to BNIDS using 4-way SMP server as the target system. After analyzing and testing the defects of the existed system in common use, the optimization policies of using fine-grained schedule mechanism at connection level and avoiding lock operations in thread synchronization are issued for the improved system. Through performance evaluation, the improved system shows more than 25 percent improvement in CPU utilization rate compared with the existed system, and good scalability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Christopher, K., Fredrik, V., Giovanni, V., Richard, K.: Stateful Intrusion Detection for High-Speed Networks. In: Proceedings of the IEEE Symposium on Security and Privacy, Los Alamitos, Calif. (2002)

    Google Scholar 

  2. Simon, E.: Vulnerabilities of Network Intrusion Detection Systems: Realizing and Overcomign the Risks – The Case for Flow Mirroring. Top Layer Networks (2002)

    Google Scholar 

  3. Lambert, S., Kyle, W., Curt, F.: SPANIDS: A Scalable Network Intrusion Detection Loadbalancer. In: Conf. Computing Frontiers, Ischia, Italy, pp. 315–322 (2005)

    Google Scholar 

  4. IDP 1000/1100. Juniper Networks, http://www.juniper.net/products/

  5. RealSecure Network Gigabit. ISS, http://www.iss.net/products_services/enterprise_protection/rsnetwork/gigabitsensor.php

  6. Top Layer Networks, http://www.toplayer.com/

  7. Xiaoling, Z., Jizhou, S., Shishi, L., Zunce, W.: A Parallel Algorithm for Protocol Reassembling. In: IEEE Canadian Conference on Electrical and Computer Engineering. Montreal (2003)

    Google Scholar 

  8. Spyros, A., Kostas, G.A., Evangelos, P.M., Michalis, P.: Performance Analysis of Content Matching Intrusion Detection Systems. In: Proceedings of the IEEE/IPSJ Symposium on Applications and the Internet. Tokyo (2004)

    Google Scholar 

  9. Rong-Tai, L., Nen-Fu, H., Chin-Hao, C., Chia-Nan, K.: A Fast String-matching Algorithm for Network Processor-based Intrusion Detection System. ACM Transactions on Embedded Computing System 3(3) (2004)

    Google Scholar 

  10. Vtune Performance Analyzer, http://www.intel.com/software/products/

  11. OProfile, http://sourceforge.net/projects/oprofile/

  12. SPECWeb99 Benchmark, http://www.spec.org/osg/web99/

  13. David, M., Tai, J.: Httperf: A Tool for Measuring Web Server Performance. In: Proceedings of the SIGMETRICS Workshop on Internet Server Performance. Madison (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Research Center for Intelligent Computing Systems, Institute of Computing Technology, Chinese Academy of Sciences, P.O. Box 2704, Beijing, 100080, China

    Xiaojuan Sun, Xinliang Zhou, Ninghui Sun & Mingyu Chen

Authors
  1. Xiaojuan Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinliang Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ninghui Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mingyu Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Microelectronic Instiute, Xidian University, 710071, Xi’an, China

    Yue Hao

  2. Department of Computer Science, Hong Kong Baptist University, Kowloon Tong, Hong Kong

    Jiming Liu

  3. School of Computer Science and Technology, Xidian University, Xi’an, China

    Yu-Ping Wang

  4. Department of Computer Science, Hong Kong Baptist University, Hong Kong,  

    Yiu-ming Cheung

  5. School of Electrical and Electronic Engineering, University of Manchester, UK

    Hujun Yin

  6. Life Science Research Center, School of Electronic Engineering, Xidian University, 710071, Xi’an, Shaanxi, China

    Licheng Jiao

  7. Key Laboratory of Computer Networks and Information Security(Ministry of Education), Xidian University, 710071, Xi’an, China

    Jianfeng Ma

  8. National Laboratory of Antennas and Microwave Technology, Xidian University, 710071, Xi’an, Shanxi, P.R. China

    Yong-Chang Jiao

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sun, X., Zhou, X., Sun, N., Chen, M. (2005). Parallel Optimization Technology for Backbone Network Intrusion Detection System. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_48

Download citation

  • DOI: https://doi.org/10.1007/11596981_48

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation