Performance Improvement by Coordinating Configurations of Independently-managed NIDS


Miyuki Hanaoka, Kenji Kono, Toshio Hirotsu, Hirotake Abe


Vol. 11  No. 5  pp. 1-11


Because of today's increased traffic volume and sophisticated attacks, implementing a network intrusion detection/prevention system (NIDS/NIPS) on a single workstation has become challenging. In this paper, we propose Brownie, a system for improving performance by coordinating the configurations of already-existing, independently-managed NIDSs in an organization. Instead of installing a single expensive hardware appliance or parallel NIDSs at a network entry point, Brownie achieves the performance improvement by 1) offloading overloaded NIDSs and 2) eliminating redundant rules. First, Brownie exchanges the NIDSs' load status and transfers some rules from overloaded to lightly-loaded NIDSs, which prevents the overloaded NIDSs from becoming a network bottleneck. Second, if several NIDSs on the same network path enable the same rules, Brownie eliminates the redundant rules, which reduces the aggregate overhead of the NIDSs. Experimental results with a web server benchmark suggest that Brownie increases the benchmark throughput by more than 10%. In addition, Brownie running on a university full-packet trace successfully offloads overloaded NIDSs and eliminates redundant rules.


Network Security, Network Intrusion Detection-Prevention System, Performance