Abstract
The importance of intrusion detection has grown with the sharp increase in the number of attacks on networks. The ubiquity of the Internet and the ease of perpetrating attacks will lead to more hostile traffic. With the advent of high-speed Internet connections, organizations today find it difficult to detect intrusions, so multi-sensor intrusion detection systems are inevitable. Distributing traffic optimally among the sensors is a challenging task. We present a mechanism to split traffic to different intrusion detection sensors (e.g., SNORT-based sensors) to make the task manageable. The splitting of traffic to each sensor is managed by policies enforced on the splitter by the management console. The system is adaptive in the sense that it can adjust the splitting policies to reduce load disparity among sensors. This policy-reloading mechanism also takes into account the similarity between all possible pairs of policies and tries to minimize the packet duplication rate during the operation of the system. Our mechanism is based on the observation that minimizing the percentage of traffic being duplicated can enhance system performance. We also discuss the effects of reloading the splitting policies on the packet duplication rate and on the load on the sensors.