Power Efficient Secure Web Servers

The power consumption of web servers and associated se- curity devices is becoming an increasing issue both from an economic and environmental perspective. This paper analyses the power consumption of both security software and web server software and concludes that traditional architectures waste energy with repeated transitions up and down the TCP/IP stack. This contention is proved by comparing the energy usage of a traditional architec- ture and a new architecture whereby IDS functionality is moved into the web server and all operations share HTTP packets. Based on these ndings we propose a novel al- ternative power ecient architecture for web servers that may also be usable in other network systems.

[1]  Nicolas Sklavos,et al.  Economic Models & Approaches in Information Security for Computer Networks , 2006, Int. J. Netw. Secur..

[2]  Sotiris Ioannidis,et al.  MIDeA: a multi-parallel intrusion detection architecture , 2011, CCS '11.

[3]  Miroslav Stampar Inferential SQL Injection Attacks , 2016, Int. J. Netw. Secur..

[4]  Kevin Skadron,et al.  Power-aware QoS management in Web servers , 2003, RTSS 2003. 24th IEEE Real-Time Systems Symposium, 2003.

[5]  Anne E. James,et al.  Network Intrusion Detection Systems in High-Speed Traffic in Computer Networks , 2013, 2013 IEEE 10th International Conference on e-Business Engineering.

[6]  Pritika Mehra,et al.  A brief study and comparison of Snort and Bro Open Source Network Intrusion Detection Systems , 2012 .

[7]  S Sivabalan,et al.  Real time calibration of DDoS blocking rules for Web Servers , 2016 .

[8]  Andrew W. Moore,et al.  Reconfigurable Network Systems and Software-Defined Networking , 2015, Proceedings of the IEEE.

[9]  Chao-Tung Yang,et al.  A performance-based grid intrusion detection system , 2005, 29th Annual International Computer Software and Applications Conference (COMPSAC'05).

[10]  Fakhri Karray,et al.  Lightweight IDS Based on Features Selection and IDS Classification Scheme , 2009, 2009 International Conference on Computational Science and Engineering.

[11]  Sandeep K. S. Gupta,et al.  Measurement-based power profiling of data center equipment , 2007, CLUSTER.

[12]  Sujatha Sivabalan,et al.  A novel framework to detect and block DDoS attack at the application layer , 2013, IEEE 2013 Tencon - Spring.

[13]  Mohey M. Hadhoud,et al.  Evaluating the Effects of Symmetric Cryptography Algorithms on Power Consumption for Different Data Types , 2010, Int. J. Netw. Secur..

[14]  Saeed M. Alqahtani,et al.  An Intelligent Intrusion Detection System for Cloud Computing (SIDSCC) , 2014, 2014 International Conference on Computational Science and Computational Intelligence.

[15]  Michael Kistler,et al.  The case for power management in web servers , 2002 .

[16]  Mor Harchol-Balter,et al.  Optimal power allocation in server farms , 2009, SIGMETRICS '09.

[17]  Fakariah Hani Mohd Ali,et al.  IDS Using Mitigation Rules Approach to Mitigate ICMP Attacks , 2013, 2013 International Conference on Advanced Computer Science Applications and Technologies.

[18]  Shunzheng Yu,et al.  Monitoring the Application-Layer DDoS Attacks for Popular Websites , 2009, IEEE/ACM Transactions on Networking.

[19]  S. Khan,et al.  Energy-efficient Resource Utilization in Cloud Computing , 2011 .

[20]  Wayne Salamon,et al.  Implementing SELinux as a Linux Security Module , 2003 .

[21]  Giovanni Vigna,et al.  Intrusion detection: a brief history and overview , 2002 .

[22]  Monis Akhlaq,et al.  High Speed NIDS using Dynamic Cluster and Comparator Logic , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[23]  Raymond H. Myers,et al.  Probability and Statistics for Engineers and Scientists. , 1973 .

[24]  Errin W. Fulp,et al.  A taxonomy of parallel techniques for intrusion detection , 2007, ACM-SE 45.

[25]  Ayman I. Kayssi,et al.  LAMAIDS: A Lightweight Adaptive Mobile Agent-based Intrusion Detection System , 2008, Int. J. Netw. Secur..

[26]  Lucas M. Venter,et al.  A comparison of Intrusion Detection systems , 2001, Comput. Secur..

[27]  Wanlei Zhou,et al.  Detecting and Tracing DDoS Attacks by Intelligent Decision Prototype , 2008, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).

[28]  Chao-Tung Yang,et al.  Integrating grid with intrusion detection , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[29]  Mohamed G. Gouda,et al.  Complete Redundancy Removal for Packet Classifiers in TCAMs , 2010, IEEE Trans. Parallel Distributed Syst..

[30]  Monis Akhlaq,et al.  Evaluating Intrusion Detection Systems in High Speed Networks , 2009, 2009 Fifth International Conference on Information Assurance and Security.

[31]  Tarun Bhaskar,et al.  A Hybrid Model for Network Security Systems: Integrating Intrusion Detection System with Survivability , 2008, Int. J. Netw. Secur..