direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Inhalt des Dokuments

Es gibt keine deutsche Übersetzung dieser Webseite.

Holger Dreger's Publications

Predicting the Resource Consumption of Network Intrusion Detection Systems
Zitatschlüssel DFPS-PRCNIDS-08
Autor Dreger, Holger and Feldmann, Anja and Paxson, Vern and Sommer, Robin
Buchtitel RAID '08: Proceedings of the 11th International Symposium On Recent Advances In Intrusion Detection
Seiten 135–154
Jahr 2008
ISBN 978-3-540-87402-7
ISSN 0302-9743
Online ISSN 1611-3349
DOI http://dx.doi.org/10.1007/978-3-540-87403-4
Ort Cambridge, MA, USA
Adresse New York, NY, USA
Jahrgang 5230
Monat September
Verlag Springer-Verlag Berlin Heidelberg
Serie Lecture Notes in Computer Science
Zusammenfassung When installing network intrusion detection systems (NIDSs), operators are faced with a large number of parameters and analysis options for tuning trade-offs between detection accuracy versus resource requirements. In this work we set out to assist this process by understanding and predicting the CPU and memory consumption of such systems. We begin towards this goal by devising a general NIDS resource model to capture the ways in which CPU and memory usage scale with changes in network traffic. We then use this model to predict the resource demands of different configurations in specific environments. Finally, we present an approach to derive site-specific NIDS configurations that maximize the depth of analysis given predefined resource constraints. We validate our approach by applying it to the open-source Bro NIDS, testing the methodology using real network data, and developing a corresponding tool, nidsconf, that automatically derives a set of configurations suitable for a given environment based on a sample of the site's traffic. While no automatically generated configuration can ever be optimal, these configurations provide sound starting points, with promise to significantly reduce the traditional trial-and-error NIDS installation cycle.
Link zur Originalpublikation [1] Download Bibtex Eintrag [2]
------ Links: ------

Zusatzinformationen / Extras


Schnellnavigation zur Seite über Nummerneingabe

Copyright TU Berlin 2008