Virtualization in Network Intrusion Detection Systems

Akhlaq, Monis; Alserhani, Faeiz; Awan, Irfan U.; Cullen, Andrea J.; Mellor, John; Mirchandani, Pravin

doi:10.1007/978-3-642-05290-3_3

Monis Akhlaq¹⁹,
Faeiz Alserhani¹⁹,
Irfan U. Awan¹⁹,
Andrea J. Cullen¹⁹,
John Mellor¹⁹ &
…
Pravin Mirchandani²⁰

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5872))

Included in the following conference series:

OTM Confederated International Conferences "On the Move to Meaningful Internet Systems"

1249 Accesses

Abstract

This research work has focussed on analysing the efficacy of the virtualization concept for Network Intrusion Detection Systems (NIDS) in the high-speed environment. We have selected an open source NIDS, Snort for evaluation. Snort has been evaluated on virtual systems built on Windows XP SP2, Linux 2.6 and Free BSD 7.1 platforms. Our results have identified a strong performance limitation of NIDS running on virtual platforms. This can be concluded that virtualization is not an ideal solution for NIDS in high-speed environments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Design and Implementation of a Lightweight Kernel-Level Network Intrusion Prevention System for Virtualized Environment (Short Paper)

Defending Cloud Computing Environment Against the Challenge of DDoS Attacks Based on Software Defined Network

Evaluation of an Impact of the DoS Attacks on the Selected Virtualization Platforms

References

Snort, http://www.Snort.org/
Baker, A.R., Esler, J.: Snort IDS and IPS Toolkit. Syngress, Canada (2007)
Google Scholar
Akhlaq, M., et al.: Virtualization Efficacy for NIDS in High Speed Environments. In: Information Security and Digital Forensics Conference 2009 to be held in City University London, September 7-8 (in press, 2009)
Google Scholar

Download references

Author information

Authors and Affiliations

Informatics Research Institute, University of Bradford, Bradford, BD7 1DP, United Kingdom
Monis Akhlaq, Faeiz Alserhani, Irfan U. Awan, Andrea J. Cullen & John Mellor
Syphan Technologies,
Pravin Mirchandani

Authors

Monis Akhlaq
View author publications
You can also search for this author in PubMed Google Scholar
Faeiz Alserhani
View author publications
You can also search for this author in PubMed Google Scholar
Irfan U. Awan
View author publications
You can also search for this author in PubMed Google Scholar
Andrea J. Cullen
View author publications
You can also search for this author in PubMed Google Scholar
John Mellor
View author publications
You can also search for this author in PubMed Google Scholar
Pravin Mirchandani
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

STARLab, Vrije Universiteit Brussel (VUB), Bldg G/10, Pleinlaan 2, 1050, Brussels, Belgium
Robert Meersman
Facultad de Informática, Universidad Politécnica de Madrid, Campus de Montegancedo S/N, 28660, Boadilla del Monte, Madrid, Spain
Pilar Herrero
DEBII - CBS, De Laeter Way, Curtin University of Technology, 6102, Bentley, WA, Australia
Tharam Dillon

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Akhlaq, M., Alserhani, F., Awan, I.U., Cullen, A.J., Mellor, J., Mirchandani, P. (2009). Virtualization in Network Intrusion Detection Systems. In: Meersman, R., Herrero, P., Dillon, T. (eds) On the Move to Meaningful Internet Systems: OTM 2009 Workshops. OTM 2009. Lecture Notes in Computer Science, vol 5872. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05290-3_3

Download citation

DOI: https://doi.org/10.1007/978-3-642-05290-3_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05289-7
Online ISBN: 978-3-642-05290-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics