VniDS: Towards elastic security with safe and efficient virtualization of network intrusion detection systems

Hongda Li, Hongxin Hu, Guofei Gu, Gail-Joon Ahn, Fuqiang Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Scopus citations

Abstract

Traditional Network Intrusion Detection Systems (NIDSes) are generally implemented on vendor proprietary appliances or middleboxes with poor versatility and flexibility. Emerging Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies can virtualize NIDSes and elastically scale them to deal with attack traffic variations. However, such an elasticity feature must not come at the cost of decreased detection effectiveness and expensive provisioning. In this paper, we propose an innovative NIDS architecture, vNIDS, to enable safe and efficient virtualization of NIDSes. vNIDS addresses two key challenges with respect to effective intrusion detection and non-monolithic NIDS provisioning in virtualizing NIDSes. The former challenge is addressed by detection state sharing while minimizing the sharing overhead in virtualized environments. In particular, static program analysis is employed to determine which detection states need to be shared. vNIDS addresses the latter challenge by provisioning virtual NIDSes as microservices and employing program slicing to partition the detection logic programs so that they can be executed by each microservice separately. We implement a prototype of vNIDS to demonstrate the feasibility of our approach. Our evaluation results show that vNIDS could offer both effective intrusion detection and efficient provisioning for NIDS virtualization.

Original languageEnglish (US)
Title of host publicationCCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages17-34
Number of pages18
ISBN (Electronic)9781450356930
DOIs
StatePublished - Oct 15 2018
Event25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada
Duration: Oct 15 2018 → …

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other25th ACM Conference on Computer and Communications Security, CCS 2018
CountryCanada
CityToronto
Period10/15/18 → …

Keywords

  • Network Function Virtualization
  • Network Intrusion Detection Systems
  • Software-Defined Networking

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'VniDS: Towards elastic security with safe and efficient virtualization of network intrusion detection systems'. Together they form a unique fingerprint.

Cite this