Network-Wide Deployment of Intrusion Detection and Prevention Systems
Traditional research efforts for scaling network intrusion detection and prevention systems (NIDS and NIPS) using parallelization and hardware-assisted acceleration have largely focused on a single-vantage-point view. In this chapter, the authors explore a different design alternative that exploits spatial, network-wide opportunities for distributing NIDS and NIPS functions throughout a network. They present systematic models that capture the operational constraints and requirements in deploying network-wide NIDS and NIPS capabilities. These formulations enable network administrators to optimally leverage their infrastructure toward their security objectives. For the NIDS case, they design a linear programming formulation for partitioning NIDS functions across a network to ensure that no node is overloaded.