TY - GEN
T1 - On optimizing load balancing of intrusion detection and prevention systems
AU - Le, Anh
AU - Al-Shaer, Ehab
AU - Boutaba, Raouf
PY - 2008
Y1 - 2008
AB - In large-scale enterprise networks, multiple network intrusion detection and prevention systems are used to provide high-quality protection. A challenging problem is to maintain load balancing of the systems, while minimizing the loss of information due to distributing traffic. Because anomaly-based detection and prevention of some intrusions require a single system to analyze attack-correlated flows, this loss of information might severely reduce the accuracy of the detection and prevention. In this paper, we address this problem by first formalizing the load balancing problem as an optimization problem, considering both the load variance and the information loss. We then present our Benefit-based Load Balancing (BLB) algorithm as a solution to the problem. We have implemented a prototype load-balancer with the BLB algorithm and evaluated it against a DDoS attack. Our results show that the load-balancer significantly improves the detection accuracy, while being able to keep the load of the systems close within a desired bound.
UR - https://www.scopus.com/pages/publications/51049116250
U2 - 10.1109/INFOCOM.2008.4544576
DO - 10.1109/INFOCOM.2008.4544576
M3 - Conference contribution
AN - SCOPUS:51049116250
SN - 9781424422197
T3 - Proceedings - IEEE INFOCOM
BT - 2008 IEEE INFOCOM Workshops
ER -