Date Added: Dec 2012
As traffic volumes and the types of analysis grow, Network Intrusion Detection Systems (NIDS) face a continuous scaling challenge. Management realities, however, limit NIDS hardware upgrades to occur typically once every 3-5 years. Given that traffic patterns can change dramatically, this leaves a significant scaling challenge in the interim. This motivates the need for practical solutions that can help administrators better utilize and augment their existing NIDS infrastructure. To this end, the authors design a general architecture for network-wide NIDS deployment that leverages three scaling opportunities: on-path distribution to split responsibilities, replicating traffic to NIDS clusters, and aggregating intermediate results to split expensive NIDS processing.