A new approach for the scalable intrusion detection in high-speed networks

Download
2007
Şahin, Ümit Burak
As the networks become faster and faster, the emerging requirement is to improve the performance of the Intrusion Detection and Prevention Systems (IDPS) to keep up with the increased network throughput. In high speed networks, it is very difficult for the IDPS to process all the packets. Since the throughput of IDPS is not improved as fast as the throughput of the switches and routers, it is necessary to develop new detection techniques other than traditional techniques. In this thesis we propose a rule-based IDPS technique to detect Layer 2-4 attacks by just examining the flow data without inspecting packet payload. Our approach is designed to work as an additional component to existing IDPS as we acknowledge that the attacks at Layer 5 and above require payload inspection. The rule set is constructed and tested on a real network to evaluate the performance of the system.

Suggestions

Software implementations of QoS scheduling algorithms for high speed networks /
Pehlivanlı, Aydın; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2015)
The end to end Quality of Service (QoS) support for the dominating multimedia traffic in the contemporary computer networks is achieved by implementing schedulers in the routers and deploying traffic shapers. To this end, realistic modeling and simulation of these components is essential for network performance evaluation. The first contribution of this thesis is the design and implementation of a C++ simulator QueST (Quality of Service simulaTor) for this task. QueST is a modular cycle accurate simulator w...
Improving performance of network intrusion detection systems through concurrent mechanisms
Atakan, Mustafa; Şener, Cevat; Department of Computer Engineering (2003)
As the bandwidth of present networks gets larger than the past, the demand of Network Intrusion Detection Systems (NIDS) that function in real time becomes the major requirement for high-speed networks. If these systems are not fast enough to process all network traffic passing, some malicious security violations may take role using this drawback. In order to make that kind of applications schedulable, some concurrency mechanism is introduced to the general flowchart of their algorithm. The principal aim is...
A simple and effective mechanism for stored video streaming with TCP transport and server-side adaptive frame discard
Gurses, E; Akar, Gözde; Akar, N (Elsevier BV, 2005-07-15)
Transmission control protocol (TCP) with its well-established congestion control mechanism is the prevailing transport layer protocol for non-real time data in current Internet Protocol (IP) networks. It would be desirable to transmit any type of multimedia data using TCP in order to take advantage of the extensive operational experience behind TCP in the Internet. However, some features of TCP including retransmissions and variations in throughput and delay, although not catastrophic for non-real time data...
Evaluation of core stateless guaranteed fair network architecture
Akbaş, Mustafa İlhan; Bazlamaçcı, Cüneyt Fehmi; Department of Electrical and Electronics Engineering (2006)
The problem of providing Quality of Service (QoS) in the Internet has been an extremely active area of research and various mechanisms have been proposed related to this subject. Developing network applications have requirements such as bounded delay, jitter, minimum bandwidth and maximum loss rate. There is also a need to support large bandwidth networks because of growing link speeds. Previous QoS efforts did not fully satisfy all these needs of future networks but more recent approaches aim to be both sc...
The Development and hardware implementation of a high speed adaptable packet switch fabric
Akbaba, Erdem Eyüp; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2013)
Routers have to be fast enough to keep pace with increasing traffic data rate because of the increasing need for network bandwidth and processing. The switch fabric component of a router is a combination of hardware and software which moves the incoming packets to the outgoing ports. The access of the input ports to the switch fabric is controlled by a scheduler which affects the overall performance together with the fabric design. In this thesis we investigate two switch fabric and scheduler architectures,...
Citation Formats
Ü. B. Şahin, “A new approach for the scalable intrusion detection in high-speed networks,” M.S. - Master of Science, Middle East Technical University, 2007.