monkit 2 - Distributed Monitoring and Attack Detection in 10 GBit/s Networks

Institution

  • Computer and Communication Systems, University of Innsbruck

Team

Funding

  • BSI (Bundesamt für Sicherheit in der Informationstechnik)

Project Time

  • 01.12.2011-31.12.2012

Homepage

Description

The objective is to develop a new and more advanced version of our monkit appliance, which combines efficient network monitoring with attack detection in early warning systems. In current network infrastructures, link speeds of 10 GBit/s and more have become quite common. Yet typical monitoring appliances still have problems operating at those speeds. We aim to establish novel algorithmic solutions bundled with hardware and Linux kernel support to enable the monkit appliance to operate in 10 GBit/s networks. In a first step, we carefully evaluated all parts of the appliance to identify performance bottlenecks and possible improvements.

Selected Publications

2012

Journals and Magazines

  1. Tobias Limmer and Falko Dressler, "On Network Monitoring for Intrusion Detection," Praxis der Informationsverarbeitung und Kommunikation, vol. 35 (1), pp. 32–39, April 2012.

2011

Conferences and Workshops

  1. Tobias Limmer and Falko Dressler, "Adaptive Load Balancing for Parallel IDS on Multi-Core Systems using Prioritized Flows," Proceedings of IEEE International Conference on Computer Communication Networks (ICCCN 2011), Maui, HI, July 2011, pp. 1–8.
  2. Tobias Limmer and Falko Dressler, "Improving the Performance of Intrusion Detection using Dialog-based Payload Aggregation," Proceedings of 30th IEEE Conference on Computer Communications (INFOCOM 2011), 14th IEEE Global Internet Symposium (GI 2011), Shanghai, China, April 2011, pp. 833–838.