Literature Database Entry

zhang2023load


Xueting Zhang, "Load management in a Distributed Intrusion Detection System," Master's Thesis, School of Electrical Engineering and Computer Science (EECS), TU Berlin (TUB), July 2023. (Advisor: Hossein Doroud; Referees: Falko Dressler and Thomas Sikora)


Abstract

With the increasing prevalence of cyber attacks, the need for effective intrusion detection systems (IDSs) has become paramount. In large networks, distributed IDSs are required to handle large amounts of traffic in the network. However, traditional Distributed IDSs (D-IDS) face challenges in dynamic network environments, particularly in high-speed networks where packet loss is a concern. This thesis aims to enhance the performance of D-IDSs in high-speed networks by addressing the high load problem. The main problem addressed in this thesis is the high load issue of D-IDSs in high-speed networks, resulting in reduced detection rates and increased packet loss. The goal is to preserve the performance of D-IDSs in a high-speed network while efficiently distributing network flows among IDSs. To tackle this problem, a Dynamic-Distributed IDS (DD-IDS) architecture is proposed, utilizing network programmability and distributed computing techniques. This approach involves distributing IDS functions across multiple virtual machines and dynamically assigning flows to dedicated IDSs based on network conditions. Shortest path algorithms and threshold selection are explored to optimize IDS performance. Real-world network datasets are used for experimental evaluations. The results demonstrate that the dynamic-distributed IDS outperforms the baseline IDS in terms of packet loss, and achieves higher detection rates across different speeds. Unlike the baseline IDS that detects all flows passing through it, our approach ensures that each flow is detected by only one IDS, leading to improved resource utilization. The findings of this research highlight the effectiveness of the dynamic-distributed IDS approach in managing the load of IDSs in high-speed networks. By leveraging network programmability and distributed computing, my approach addresses the limitations of traditional D-IDSs and effectively mitigates packet loss.
In conclusion, this thesis contributes to the field of network security by presenting an approach to enhance D-IDS performance in dynamic networks. The proposed dynamic-distributed IDS architecture, along with the optimization strategies, offers a solution for improving the efficiency of D-IDSs. Future research can consider the packet forwarding capability and packet caching capability of the switch, and explore the impact of link blocking state. Additionally, the threshold in this thesis can be adjusted to further optimize the performance of the system.

Contact

Xueting Zhang

BibTeX reference

@phdthesis{zhang2023load,
    author = {Zhang, Xueting},
    title = {{Load management in a Distributed Intrusion Detection System}},
    advisor = {Doroud, Hossein},
    institution = {School of Electrical Engineering and Computer Science (EECS)},
    location = {Berlin, Germany},
    month = {7},
    referee = {Dressler, Falko and Sikora, Thomas},
    school = {TU Berlin (TUB)},
    type = {Master's Thesis},
    year = {2023},
}

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.

Last modified: 2024-05-04