DOI: 10.1145/3297663.3310313
short-paper

Performance Oriented Dynamic Bypassing for Intrusion Detection Systems

Published: 04 April 2019

Abstract

Attacks on software systems are becoming more frequent, aggressive, and sophisticated. With the changing threat landscape, in 2018, organizations are looking at when they will be attacked, not if. Intrusion Detection Systems (IDSs) can help in defending against these attacks. The systems that host IDSs require extensive computing resources, as IDSs tend to detect attacks wrongfully under overloaded conditions. With the end of Moore's law and the growing adoption of the Internet of Things, designers of security systems can no longer expect processing power to keep pace with them. This limitation requires ways to increase the performance of these systems without adding compute power. In this work, we present two dynamic approaches and one static approach to bypass the IDS for traffic deemed benign. We provide a prototype implementation and evaluate our solution. Our evaluation shows promising results. Performance is increased up to the level of a system without an IDS. Attack detection is within the margin of error from the 100% rate. However, our findings show that dynamic approaches perform best when using software switches. The use of a hardware switch reduces the detection rate and performance significantly.

Cited By

  • (2019) Performance Influence of Security Function Chain Ordering. Companion of the 2019 ACM/SPEC International Conference on Performance Engineering, 45-46. DOI: 10.1145/3302541.3311965. Online publication date: 27-Mar-2019

Published In

ICPE '19: Proceedings of the 2019 ACM/SPEC International Conference on Performance Engineering
April 2019
348 pages
ISBN: 9781450362399
DOI: 10.1145/3297663

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. adaptive networking
  2. intrusion detection
  3. network function virtualization
  4. software-defined networking

Qualifiers

  • Short-paper

Funding Sources

  • German Research Foundation (DFG)

Conference

ICPE '19

Acceptance Rates

ICPE '19 Paper Acceptance Rate 13 of 71 submissions, 18%;
Overall Acceptance Rate 252 of 851 submissions, 30%
