Predicting the resource consumption of network intrusion detection systems

13 years 11 months ago

Download www.icir.org

Abstract. When installing network intrusion detection systems (NIDSs), operators are faced with a large number of parameters and analysis options for tuning trade-offs between detection accuracy versus resource requirements. In this work we set out to assist this process by understanding and predicting the CPU and memory consumption of such systems. We begin towards this goal by devising a general NIDS resource model to capture the ways in which CPU and memory usage scale with changes in network traffic. We then use this model to predict the resource demands of different configurations in specific environments. Finally, we present an approach to derive site-specific NIDS configurations that maximize the depth of analysis given predefined resource constraints. We validate our approach by applying it to the open-source Bro NIDS, testing the methodology using real network data, and developing a corresponding tool, nidsconf, that automatically derives a set of configurations suitable for a...

Holger Dreger, Anja Feldmann, Vern Paxson, Robin S

Real-time Traffic

Hardware | Memory Usage Scale | Resource | SIGMETRICS 2008 | Site-specific Nids Configurations |

claim paper

Post Info
More Details (n/a)

Added	15 Dec 2010
Updated	15 Dec 2010
Type	Journal
Year	2008
Where	SIGMETRICS
Authors	Holger Dreger, Anja Feldmann, Vern Paxson, Robin Sommer

Comments (0)

Sciweavers

Predicting the resource consumption of network intrusion detection systems

Hardware | Memory Usage Scale | Resource | SIGMETRICS 2008 | Site-specific Nids Configurations |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers