Research And Implementation On Dynamic Load-Balancing Strategy In High-Speed Network For Intrusion Detection System

With the rapid development of the network technologies and applications，moreand more network attack techniques bring a serious challenge to the network security，traditional network security techniques such as data encryption，firewall are staticsecurity techniques so that can’t adapt the modern dynamic network. Therefore，as anew and dynamic network security technique， intrusion detection system hasbecome into a hot topic of research and plays an important role in network securitysystem.However，data processing of traditional network intrusion detection system(NIDS)and high network isn’t match in high-speed network， thus causing someintrusions of data packets miss. An important solution to this problem is applies loadbalancing technology to intrusion detection system. Load balancing technologyreduce the network load of each detection engine as a result of network packets aresplit by load balancer to different detection engine，which make intrusion detectionsystem adapt to high-speed network.A dynamic hierarchical load-balancing （DHLB）strategy is proposed in the paper，which aiming at the problems of higher packet loss rate and lower detection rate oftraditional load-balancing strategy in high-speed network for NIDS.DHLB strategyconsiders the real-time load and responsiveness of each detection engine，and it canensure that dispatches the same connection to a detection engine owing to distributestraffic by session. DHLB strategy is divided to two stages， DHLB strategy classifyprimitive types of segment of the network being monitored by application levelprotocol，the others belonged to a group firstly，then it maps the corresponding packetto number of NIDS detection engine based on Hash function of simple and effective，every part of the network traffic is detected by corresponding detection engine，thetraffic of overload is distributed to other detection engine reasonably.Module of load balancing based on dynamic hierarchical load-balancing strategyfor NIDS is designed and implemented in this paper，to test the performance of theDHLB，this paper designs a test scheme based on Snort，the test data in it is from1999DARPA intrusion detection evaluation data sets of Lincoln Laboratory，and the testanalyzes the effect of load balancing by means of studying the relationship betweennetwork traffic and packet loss rate，detection rate．The contrast experiments show，DHLB strategy has an absolute advantage over round robin algorithm and weaker than the least queue strategy in packet loss rate，lower packets loss rate can be achieved inleast queue by sacrificing the detection rate. When network traffic rapidly increase，round robin algorithm and least queue strategy quick lowering of diction rate andDHLB strategy keep high detection rate.