
SNIPS: A software-defined approach for scaling intrusion prevention systems via offloading

Publication, Conference
Heorhiadi, V; Fayaz, SK; Reiter, MK; Sekar, V
Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
January 1, 2014

Growing traffic volumes and the increasing complexity of attacks pose a constant scaling challenge for network intrusion prevention systems (NIPS). In this respect, offloading NIPS processing to compute clusters offers an immediately deployable alternative to expensive hardware upgrades. In practice, however, NIPS offloading is challenging on three fronts in contrast to passive network security functions: (1) NIPS offloading can impact other traffic engineering objectives; (2) NIPS offloading impacts user perceived latency; and (3) NIPS actively change traffic volumes by dropping unwanted traffic. To address these challenges, we present the SNIPS system. We design a formal optimization framework that captures tradeoffs across scalability, network load, and latency. We provide a practical implementation using recent advances in software-defined networking without requiring modifications to NIPS hardware. Our evaluations on realistic topologies show that SNIPS can reduce the maximum load by up to 10× while only increasing the latency by 2%.

Published In

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

EISSN

1611-3349

ISSN

0302-9743

Publication Date

January 1, 2014

Volume

8880

Start / End Page

9 / 29

Related Subject Headings

  • Artificial Intelligence & Image Processing
  • 46 Information and computing sciences
 

Citation

APA: Heorhiadi, V., Fayaz, S. K., Reiter, M. K., & Sekar, V. (2014). SNIPS: A software-defined approach for scaling intrusion prevention systems via offloading. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8880, pp. 9–29). https://doi.org/10.1007/978-3-319-13841-1_2

Chicago: Heorhiadi, V., S. K. Fayaz, M. K. Reiter, and V. Sekar. “SNIPS: A software-defined approach for scaling intrusion prevention systems via offloading.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8880:9–29, 2014. https://doi.org/10.1007/978-3-319-13841-1_2.

ICMJE: Heorhiadi V, Fayaz SK, Reiter MK, Sekar V. SNIPS: A software-defined approach for scaling intrusion prevention systems via offloading. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2014. p. 9–29.

MLA: Heorhiadi, V., et al. “SNIPS: A software-defined approach for scaling intrusion prevention systems via offloading.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8880, 2014, pp. 9–29. Scopus, doi:10.1007/978-3-319-13841-1_2.

NLM: Heorhiadi V, Fayaz SK, Reiter MK, Sekar V. SNIPS: A software-defined approach for scaling intrusion prevention systems via offloading. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2014. p. 9–29.
