Conference paper
Intrusion prevention with active networks: A performance comparison between user and kernel-space implementation
Document type
Text/Conference Paper
Additional information
Date
2004
Publisher
Gesellschaft für Informatik e.V.
Abstract
Recent experiences with attacks in the Internet, and especially the tremendous increase in the propagation speed of self-distributing attacks, clearly show that the exploitation of vulnerabilities in hosts connected to the Internet cannot be countered appropriately by an approach that only aims to defend against attacks by fixing security holes once patches become available. In order to overcome this situation, various researchers are working on network-based intrusion prevention. One specific approach in this respect aims at deploying programmable networking technology (sometimes also called active networking technology), which allows task-specific services to be deployed dynamically on so-called active routers for intrusion prevention purposes. However, since an intrusion prevention system (IPS) necessarily has a certain impact on network performance, because each packet is analyzed for malicious content before being forwarded, the important criterion of processing efficiency has to be taken into account in the design and implementation of such a system, while at the same time further requirements such as robustness and security must also be considered. One particular design question arising in this context is whether specific intrusion prevention modules should be executed in user- or in kernel-space. In order to discuss this question thoroughly, we realized two prototypes: a user- and a kernel-space implementation. In this paper we discuss both architectures and present performance results in terms of throughput, delay and loss rate.