Browsing by Author "Ahvenniemi, Mikko"

Filter results by typing the first few letters
Now showing 1 - 2 of 2
  • Haittaohjelmien taksonomiat
    (2008) Ahvenniemi, Mikko
     Informaatio- ja luonnontieteiden tiedekunta | Bachelor's thesis
  • Selective flow distribution for network-based intrusion detection clusters
    (2012) Ahvenniemi, Mikko
     School of Science | Master's thesis
    Computer and telecom network users face many threats including malware, port scanning, and outright attacks to gain root access or crack other user accounts. Intrusion detection systems (IDS) monitor network traffic or operating system activities to detect signs of attacks. For network-based intrusion detection systems (NIDS) performance becomes a critical issue when traffic rates rise to ten Gbps and above. One way to tackle the increasing computational demands is the use of a cluster of commodity hardware. Balancing the load between the cluster nodes then becomes a major issue. Traditionally in network-based intrusion detection clusters load balancing has been done in round robin fashion. In this thesis we present a selective flow distribution method for network-based intrusion detection clusters. We build a network-based intrusion detection cluster prototype that uses Snort for the packet analysis on the cluster nodes and Linux Netfilter for the selective flow distribution. We find homogenous flows from sample traffic and distribute these homogenous flows for separate cluster nodes. The cluster nodes running Snort perform 10-15% faster in our experiments compared to the round robin load balancing. The factors affecting the performance benefit should be studied further, and the cluster prototype can be improved by modifying the Linux Netfilter code to enable truly flow-based routing and load balancing based on related flows, and by adding support for GPRS Tunnelling Protocol routing.