DocumentCode :
3174421
Title :
Achieving Flow-Level Controllability in Network Intrusion Detection System
Author :
Song, Bo ; Yang, Weibing ; Chen, Mingyu ; Zhao, Xiaofang ; Fan, Jianping
Author_Institution :
Inst. of Comput. Technol., Chinese Acad. of Sci., Beijing, China
fYear :
2010
fDate :
9-11 June 2010
Firstpage :
55
Lastpage :
60
Abstract :
Current network intrusion detection systems lack controllability, which manifests as significant packet loss when a single flow occupies resources for a long time. The reasons fall into two kinds. The first kind, normal reasons, is that the processing of the mass of arriving packets of a large flow cannot be bounded to a determinable period of time, so other flows are starved. The second kind, abnormal reasons, is that the CPU is trapped in a dead-loop-like state while processing packets with particular content from a flow; in fact, this is a kind of software crash. In this paper, we discuss the innate defects of traditional packet-driven NIDS and implement a flow-driven framework that achieves fine-grained controllability. An Active Two-threshold scheme based on ideal Exit-Point (ATEP) is proposed to diminish the data-preserving overhead during flow switches and to detect crashes in time. A quick crash recovery mechanism is also given, which can recover the trapped thread from 90% of crashes within 0.2 ms. The experimental results show that our flow-driven framework with the ATEP scheme achieves higher throughput and a lower packet loss ratio than uncontrollable packet-driven systems, with less than 1% extra CPU overhead. What's more, when crashes occur, the ATEP scheme is still able to maintain a rather steady throughput without sudden decreases.
Keywords :
security of data; active two-threshold scheme; data preserving overhead; flow-level controllability; ideal exit-point; network intrusion detection system; packet loss; packet-driven NIDS; packet-driven systems; quick crash recovery mechanism; software crashes; Artificial intelligence; Computer crashes; Controllability; Intrusion detection; Software engineering; Software testing; System testing; Throughput; Vehicle crash testing; Yarn; ATEP; controllability; crash detection; flow-driven; quick crash recovery;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Software Engineering Artificial Intelligence Networking and Parallel/Distributed Computing (SNPD), 2010 11th ACIS International Conference on
Conference_Location :
London
Print_ISBN :
978-1-4244-7422-6
Electronic_ISBN :
978-1-4244-7421-9
Type :
conf
DOI :
10.1109/SNPD.2010.18
Filename :
5521501