Virtualization Efficacy for Network Intrusion Detection Systems in High Speed Environment

The virtualization concept was developed a few decades ago to facilitate the sharing of expensive and robust mainframe hardware among different applications. Since then, virtualization has gone through a conceptual transformation from cost effectiveness to resource sharing. The research community has found virtualization to be reliable, multipurpose and adaptable: it enables a single system to dynamically map its resources among multiple instances of operating systems running numerous applications. The concept has been adopted on platforms dealing with network performance, application analysis, system design, network security and storage issues. This research work focuses on analysing the efficacy of the virtualization concept for Network Intrusion Detection Systems (NIDS) in high-speed environments. We have selected an open-source NIDS, Snort, for evaluation. Snort has been evaluated on virtual systems built on Windows XP SP2, Linux 2.6 and FreeBSD 7.1 platforms. The test bench is designed to be highly sophisticated and to reflect current-day network requirements. The evaluation targets the packet-handling capacity of the operating systems and of the application (Snort) under different traffic conditions on similar hardware platforms. Our results identify a strong performance limitation of NIDS running on virtual platforms, from which it can be readily concluded that virtual platforms are not ideal for NIDS in high-speed environments. Finally, the analysis also identifies the factors responsible for the unsatisfactory performance of the IDS (Snort) on a virtual platform.
