Title :
High Speed NIDS using Dynamic Cluster and Comparator Logic
Author :
Akhlaq, Monis ; Alserhani, Faeiz ; Subhan, Ahsan ; Awan, Irfan Ullah ; Mellor, John ; Mirchandani, Pravin
Author_Institution :
Network Security Res. Group, Univ. of Bradford, Bradford, UK
Date :
June 29 2010-July 1 2010
Abstract :
Cluster technology has witnessed a tremendous inception in the computing world. The technique integrates the standard computing resources to generate more processing power and other hardware strengths. The collection of interconnected stand-alone computers ensures high availability, increased throughput, scalability and improved performance. We have developed a dynamic cluster based approach for high speed Network Intrusion Detection Systems (NIDS) using refined policy based routing. The front end of the cluster is the loadbalancer, which distributes the traffic among cluster nodes on a predefined policy. Our proposed logic ensured maximum utilization of cluster resources by exchanging state information, load sharing, reducing data loss and performing a recovery evaluation procedure to maximize overall efficiency. Our rule based loadbalancing technique, which uses switchovers to prevent system overloading, has shown quality results. We have further integrated the concept of Comparator Logic to recover the lost traffic in case of switchovers etc. The retrieved data is re-evaluated by the recovery NIDS, thus maximizing the system efficiency. Snort, an open source NIDS, has been used on account of being a de-facto IDS standard. Finally, our results ratify the adoption of a cluster based approach in a NIDS environment using commodity hardware. We have validated the concept by analyzing the performance in different traffic conditions, packet sizes, configurations and bandwidths. Our results showed a significant improvement of the system in terms of packet handling/analyzing capacity and can be considered a good contribution to the cluster based adoption of NIDS.
Keywords :
comparators (circuits); electronic data interchange; logic circuits; network routing; pattern clustering; performance evaluation; resource allocation; security of data; telecommunication traffic; bandwidths; cluster nodes; cluster resources; commodity hardware; comparator logic; computing resources; data loss reduction; dynamic cluster; hardware strengths; high speed NIDS; information exchanging; interconnected stand-alone computers; load sharing; loadbalancer; network intrusion detection systems; packet sizes; processing power; recovery evaluation; routing; switchovers; system efficiency; traffic conditions; Bandwidth; Hardware; IP networks; Monitoring; Routing; Security; Switches; Comparator Logic; Dynamic Cluster; Intrusion Detection Systems (IDS); Loadbalancer; Plugins; Policy Routing; Snort;
Conference_Title :
Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-7547-6
DOI :
10.1109/CIT.2010.120