Holger Dreger's Publications

Operational Experiences with High-Volume Network Intrusion Detection
Citation key DFPS-OEHNID-04
Author Dreger, Holger and Feldmann, Anja and Paxson, Vern and Sommer, Robin
Title of Book CCS '04: Proceedings of the 11th ACM conference on Computer and communications security
Pages 2–11
Year 2004
ISBN 1-58113-961-6
DOI http://dx.doi.org/10.1145/1030083.1030086
Location Washington DC, USA
Address New York, NY, USA
Publisher ACM Press
Abstract In large-scale environments, network intrusion detection systems (NIDSs) face extreme challenges with respect to traffic volume, traffic diversity, and resource management. While crucial for acceptance and operational deployment, the research literature mainly omits such practical difficulties. In this paper, we offer an evaluation based on extensive operational experience. More specifically, we identify and explore key factors with respect to resource management and efficient packet processing and highlight their impact using a set of real-world traces. On the one hand, these insights help us gauge the trade-offs of tuning a NIDS. On the other hand, they motivate us to explore several novel ways of reducing resource requirements. These enable us to improve the state management considerably as well as balance the processing load dynamically. Overall this enables us to operate a NIDS successfully in our high-volume network environments.