research-article

Intrusion detection at 100G

Authors:

Scott Campbell,

Jason LeeAuthors Info & Claims

SC '11: State of the Practice Reports

Article No.: 14, Pages 1 - 9

https://doi.org/10.1145/2063348.2063367

Published: 12 November 2011 Publication History

Abstract

Driven by the growing data transfer needs of the scientific community and the standardization of the 100 Gbps Ethernet Specification, 100 Gbps is now becoming a reality for many HPC sites. This tenfold increase in bandwidth creates a number of significant technical challenges. We show that by using the heavy tail flow effect as a filter, it should be possible to perform active IDS analysis at this traffic rate using a cluster of commodity systems driven by a dedicated load balancing mechanism. Additionally, we examine the nature of current network traffic characteristics applying them to 100Gpbs speeds.

References

[1]

Bro Cluster http://www.broids.org/wiki/index.php/Bro_Cluster

[2]

ESnet 100G Announcement; http://newscenter.lbl.gov/press-releases/2009/08/10/esnet/

[3]

J. Gonzalez and V. Paxson, Enhancing Network Intrusion Detection With Integrated Sampling and Filtering, Proceedings RAID 2006.

Digital Library

[4]

J. Gonzalez, V. Paxson, and N. Weaver, Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention, Proceedings ACM CCS, October 2007.

Digital Library

[5]

S. Kornexl, V. Paxson, H. Dreger, A. Feldmann and R. Sommer, Building a Time Machine for Efficient Recording and Retrieval of High-Volume Network Traffic, Proceedings ACM IMC, October 2005.

Digital Library

[6]

Leland, W., Taqqu M., Willinger, Wilso, D. "On the Self-similar Nature of Ethernet Traffic." Proceedings, SIGCOMM '93, September 1993.

Digital Library

[7]

K. Papagiannaki, D. Veitch and N. Hohn, Lecture Notes in Computer Science, vol. 3015/2004, pp. 126--136, Passive and Active Measurement Workshop, Antibes, France, April 2004

[8]

V. Paxson, Bro: A System for Detecting Network Intruders in Real-Time, Computer Networks, 31(23-24), pp. 2435--2463, 14 Dec. 1999.

Digital Library

[9]

V. Paxson and S. Floyd, Wide-Area Traffic: The Failure of Poisson Modeling, IEEE/ACM Transactions on Networking, Vol. 3 No. 3, pp. 226--244, June 1995

Digital Library

[10]

R Development Core Team (2010). R: A language and environment for statistical computing. R Foundation for Statistical Computing, Vienna, Austria. ISBN 3-900051-07-0, URL: http://www.R-project.org

[11]

SBIR Networking Solicitation http://www.science.doe.gov/sbir/solicitations/FY%202010/40.ASCR.Networking.htm

[12]

F. Schneider, J. Wallerich, A. Feldmann. Packet Capture in 10-Gigabit Ethernet Environments Using Contemporary Commodity Hardware, PAM 2007 (Louvain-la-neuve, Belgium)

Digital Library

[13]

M. Vallentin, R. Sommer, J. Lee, C. Leres, V. Paxson, and Brian Tierney, The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware, Proceedings RAID 2007.

Digital Library

[14]

N. Weaver, V. Paxson, and J. Gonzalez, The Shunt: An FPGA-Based Accelerator for Network Intrusion Prevention, Proceedings FPGA 07, February 2007.

Digital Library

[15]

High Speed Networks, TCP/IP and ATM Design Principles. William Stallings, Prentice Hall, 1998

Digital Library

[16]

N. Brownlee and K. Claffy, Understanding Internet traffic streams: Dragonflies and tortoises, IEEE Communications, vol. 40, no. 10, pp. 110--117, Oct. 2002.

Digital Library

Cited By

Khazraee MForencich APapen GSnoeren ASchulman AAamodt TJerger NSwift M(2023)Rosebud: Making FPGA-Accelerated Middlebox Development More PleasantProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3582016.3582067(586-605)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3582016.3582067
Varghese JMuniyal B(2021)An Efficient IDS Framework for DDoS Attacks in SDN EnvironmentIEEE Access10.1109/ACCESS.2021.30780659(69680-69699)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3078065
Molina-Coronado BMori UMendiburu AMiguel-Alonso J(2020)Survey of Network Intrusion Detection Methods From the Perspective of the Knowledge Discovery in Databases ProcessIEEE Transactions on Network and Service Management10.1109/TNSM.2020.301624617:4(2451-2479)Online publication date: Dec-2020
https://doi.org/10.1109/TNSM.2020.3016246
Show More Cited By

Intrusion detection at 100G
1. Networks
  1. Network services

Recommendations

SLA-based complementary approach for network intrusion detection

Enhancing the intrusion detection system is essential to maintain user confidence in network services security. However, the threat of intruders on Internet services is prevalent. This paper proposes a distributed edge-to-edge complementary approach for ...
Network intrusion detection: monitoring, simulation and visualization
Network intrusion detection with semantics-aware capability
IPDPS'06: Proceedings of the 20th international conference on Parallel and distributed processing

Malicious network traffic, including widespread worm activity, is a growing threat to Internet-connected networks and hosts. In this paper, we propose a network intrusion detection system (NIDS) with semantics-aware capability. Our NIDS segregates ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SC '11: State of the Practice Reports

November 2011

242 pages

ISBN:9781450311397

DOI:10.1145/2063348

Conference Chair:
Scott Lathrop
University of Chicago
,
Program Chairs:
Jim Costa
Sandia National Laboratories
,
William Kramer
National Center for Supercomputing Applications

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGARCH: ACM Special Interest Group on Computer Architecture
IEEE-CS: Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 November 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

U.S. Department of Energy

Conference

SC '11

Sponsor:

SIGARCH
IEEE-CS

SC '11: International Conference for High Performance Computing, Networking, Storage and Analysis

November 12 - 18, 2011

Washington, Seattle

Acceptance Rates

Overall Acceptance Rate 1,516 of 6,373 submissions, 24%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
205
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Khazraee MForencich APapen GSnoeren ASchulman AAamodt TJerger NSwift M(2023)Rosebud: Making FPGA-Accelerated Middlebox Development More PleasantProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3582016.3582067(586-605)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3582016.3582067
Varghese JMuniyal B(2021)An Efficient IDS Framework for DDoS Attacks in SDN EnvironmentIEEE Access10.1109/ACCESS.2021.30780659(69680-69699)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3078065
Molina-Coronado BMori UMendiburu AMiguel-Alonso J(2020)Survey of Network Intrusion Detection Methods From the Perspective of the Knowledge Discovery in Databases ProcessIEEE Transactions on Network and Service Management10.1109/TNSM.2020.301624617:4(2451-2479)Online publication date: Dec-2020
https://doi.org/10.1109/TNSM.2020.3016246
Ghorbani SGodfrey P(2017)COCONUTProceedings of the Twelfth European Conference on Computer Systems10.1145/3064176.3064201(32-47)Online publication date: 23-Apr-2017
https://dl.acm.org/doi/10.1145/3064176.3064201
Ros-Giralt JRotsted BCommike ACampbell SSharma A(2013)Overcoming performance collapse for 100Gbps cyber securityProceedings of the first workshop on Changing landscapes in HPC security10.1145/2465808.2465811(15-22)Online publication date: 18-Jun-2013
https://dl.acm.org/doi/10.1145/2465808.2465811
Ros-Giralt JSzilagyi PLethin R(2012)Scalable Cyber-Security for Terabit Cloud ComputingProceedings of the 2012 SC Companion: High Performance Computing, Networking Storage and Analysis10.1109/SC.Companion.2012.338(1607-1616)Online publication date: 10-Nov-2012
https://dl.acm.org/doi/10.1109/SC.Companion.2012.338

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents