The Solutions of security are disturbed by aftermaths of the fast evolution of the infrastructure. Indeed, the new networks use more and more fast links in Gigabits and 10 Gigabits whereas the methods of security most often applied as IDSs, firewalls and cryptography are incapable to follow this fast transfer of data. In this paper, we are interested in the NIDSs. In fact the constant increase in network speed and throughput pose new challenges to these systems. Current NIDSs are designed to 10/100 Mbps [6], nevertheless large network installations are Gigabit Ethernet (1000 Mbps), so the task of detection becomes increasingly difficult with only one NIDS. The purpose of this paper is to discuss a new approach with the aim of accelerating the intrusion detection. The approach is based on three main steps: traffic classification, load balancing and a high availability mechanism. The paper describes all the above mentioned approaches and presents an experimental evaluation of their effectiveness.
[1]
R. Sekar,et al.
A high-performance network intrusion detection system
,
1999,
CCS '99.
[2]
Lambert Schaelicke,et al.
Characterizing the Performance of Network Intrusion Detection Sensors
,
2003,
RAID.
[3]
William L. Fithen,et al.
State of the Practice of Intrusion Detection Technologies
,
2000
.
[4]
Christopher Krügel,et al.
Stateful intrusion detection for high-speed network's
,
2002,
Proceedings 2002 IEEE Symposium on Security and Privacy.
[5]
Martin Roesch,et al.
Snort - Lightweight Intrusion Detection for Networks
,
1999
.