Parallel Intrusion Detection Systems for High Speed Networks Using the Divided Data Parallel Method

Item Details

abstract
As the number of network attacks rises, the need for security measures such as intrusion detection systems (IDS) is apparent. The most popular type of IDS is a misuse detection system, in which a packet's payload is compared against rules in a rules file. These packet inspections typically incur considerable delay, often consuming more than 70% of the IDS processing time. Unfortunately, this delay becomes more significant as security policies and network speeds continue to increase. This work introduces a new parallel IDS content matching technique, called the Divided Data Parallel (DDP) method, that can provide packet inspections with less delay. The technique distributes portions of a packet payload across an array of n processors, each responsible for scanning only a smaller portion of the original payload. Given this design, each processor has less data to inspect, which reduces the overall delay. This work will describe how distribution can be done such that security is maintained, which is not possible with similar parallel techniques. Furthermore, results for the proposed parallel technique will be shown using Snort (an open source IDS), actual IDS policies, and traffic traces.
subject
high speed
IDS
intrusion detection systems
network
networks
contributor
Kopek, Christopher Vincent (author)
kopekcv@gmail.com (authorEmail)
Dr. Errin Fulp (committee member)
creator
Kopek, Christopher Vincent
date
2008-09-28T10:52:09Z (accessioned)
2010-06-18T18:59:38Z (accessioned)
2009-09-23 (available)
2008-09-28T10:52:09Z (available)
2010-06-18T18:59:38Z (available)
2007-05-02 (issued)
degree
Computer Science (discipline)
Wake Forest University (grantor)
MS (level)
identifier
thesis201859.pdf
http://hdl.handle.net/10339/14873 (uri)
migration
etd-09212008-201859 (oldETDId)
rights
Release the entire work immediately for access worldwide. (accessRights)
I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to Wake Forest University or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report. (license)
title
Parallel Intrusion Detection Systems for High Speed Networks Using the Divided Data Parallel Method