 |
    |
Virtualization in Network Intrusion Detection Systems
Monis Akhlaq1, Faeiz Alserhani1, Irfan U. Awan1, Andrea J. Cullen1, John Mellor1, and Pravin Mirchandani2
1Informatics Research Institute, University of Bradford, Bradford, BD7 1DP, United Kingdom
m.akhlaq2@bradford.ac.uk
f.m.f.alserhani@bradford.ac.uk
i.u.awan@bradford.ac.uk
a.j.cullen@bradford.ac.uk
j.e.mellor@bradford.ac.uk
2Syphan Technologies
pmirchandani@syphan.com
http://www.syphan.com
Abstract. This research work has focussed on analysing the efficacy of the virtualization concept for Network Intrusion Detection Systems (NIDS) in the high-speed environment. We have selected an open source NIDS, Snort for evaluation. Snort has been evaluated on virtual systems built on Windows XP SP2, Linux 2.6 and Free BSD 7.1 platforms. Our results have identified a strong performance limitation of NIDS running on virtual platforms. This can be concluded that virtualization is not an ideal solution for NIDS in high-speed environments.
LNCS 5872, p. 6 ff.
lncs@springer.com
© Springer-Verlag Berlin Heidelberg 2009