Visible to the public SNIPS: A Software-Defined Approach for Scaling Intrusion Prevention Systems via Offloading

TitleSNIPS: A Software-Defined Approach for Scaling Intrusion Prevention Systems via Offloading
Publication TypeConference Paper
Year of Publication2014
AuthorsHeorhiadi, Victor, Fayaz, SeyedKaveh, Reiter, Michael K., Sekar, Vyas
Conference Name10th International Conference on Information Systems Security, ICISS 2014
Date Published12/2014
PublisherSpringer International Publishing
Conference LocationHyderabad, India
ISBN Number978-3-319-13840-4
KeywordsJan'15, NCSU, Redundancy for Network Intrusion Prevention Systems (NIPS), Resilient Architectures

Growing traffic volumes and the increasing complexity of attacks pose a constant scaling challenge for network intrusion prevention systems (NIPS). In this respect, offloading NIPS processing to compute clusters offers an immediately deployable alternative to expensive hardware upgrades. In practice, however, NIPS offloading is challenging on three fronts in contrast to passive network security functions: (1) NIPS offloading can impact other traffic engineering objectives; (2) NIPS offloading impacts user perceived latency; and (3) NIPS actively change traffic volumes by dropping unwanted traffic. To address these challenges, we present the SNIPS system. We design a formal optimization framework that captures tradeoffs across scalability, network load, and latency. We provide a practical implementation using recent advances in software-defined networking without requiring modifications to NIPS hardware. Our evaluations on realistic topologies show that SNIPS can reduce the maximum load by up to 10x while only increasing the latency by 2%.

Citation Keynode-17112
Refereed DesignationRefereed