Correlation-Based Load Balancing for Network Intrusion Detection and Prevention Systems


Executive Summary

In large-scale enterprise networks, multiple network intrusion detection and prevention systems are used to provide high-quality protection. In this context, keeping load evenly distributed among the systems is crucial, because an even load distribution protects the networks and improves their quality of service. A challenging problem, however, is to maintain load balance across the systems while minimizing the loss of correlation information caused by distributing traffic. Since anomaly-based detection and prevention of some intrusions, such as Distributed Denial of Service (DDoS) attacks and port scans, require a single system to analyze the correlated flows of an attack, this loss of correlation information might severely affect the accuracy of detection and prevention.

  • Format: PDF
  • Size: 755.6 KB