In previous work we have build a NIDS cluster as a scalable solution for realizing highperformance, state ful network intrusion detection on commodity hardware. Prototypes of our cluster, consisting of up to 10 PCs, are already operating at two major network sites. In this work we are now gaging the scalability of our approach on the DETER testbed to identify potential performance bottlenecks when using larger number of nodes. Due to privacy concerns we can only use syn thetic traffic for our evaluation and therefore start by building a new loadbalancer element which can repli cate small packet traces by several orders of magnitude. We then use this element to generate a networkload suit able for stresstesting the NIDS cluster from traffic cap tured on a single workstation. While this approach cannot take into account many characteristics of sitespecific live traffic, it still allows us to perform a first assessment of the cluster’s underly
PDF
download
878987797
028-85220240
