THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

DOI:

https://doi.org/10.28925/2663-4023.2020.7.1730

Keywords:

load balancing; intrusion detection systems; self-similar traffic; information flows; deep packet inspection; attacks; load imbalance

Abstract

This paper considers the problem of load balancing in intrusion detection systems. Existing load balancing problems and modern methods for solving them are analyzed. The types of intrusion detection systems are listed and described. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system is provided. A comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. The causes of load imbalance in the intrusion detection system elements and the effects of that imbalance are also analyzed. A model of a network intrusion detection system based on packet signature analysis is presented. The paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and the load balancing problem, a balancing method is proposed that is based on the functioning of the intrusion detection system elements and on analysis of the multifractal properties of incoming traffic. The proposed method takes into account the deep packet inspection time required to compare a packet with signatures, which is calculated from the degree of multifractality of the information flow. Load balancing rules are generated from the estimated average deep packet inspection time and the multifractal parameters of the traffic. The paper presents simulation results for the proposed load balancing method compared to the standard method. It is shown that the proposed method provides a uniform load distribution across the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Published

2020-03-26

How to Cite

Radivilova, T., Kirichenko, L., Tawalbeh, M., Zinchenko, P., & Bulakh, V. (2020). THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(7), 17–30. https://doi.org/10.28925/2663-4023.2020.7.1730