Vortex: Enabling cooperative selective wormholing for network security systems

John R. Lange; Peter A Dinda; Fabian E Bustamante

doi:10.1007/978-3-540-74320-0_17

Vortex: Enabling cooperative selective wormholing for network security systems

John R. Lange^*, Peter A Dinda, Fabian E Bustamante

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present a novel approach to remote traffic aggregation for Network Intrusion Detection Systems (NIDS) called Cooperative Selective Wormholing (CSW). Our approach works by selectively aggregating traffic bound for unused network ports on a volunteer's commodity PC. CSW could enable NIDS operators to cheaply and efficiently monitor large distributed portions of the Internet, something they are currently incapable of. Based on a study of several hundred hosts in a university network, we posit that there is sufficient heterogeneity in hosts' network service configurations to achieve a high degree of network coverage by re-using unused port space on client machines, We demonstrate Vortex, a proof-of-concept CSW implementation that runs on a wide range of commodity PCs (Unix and Windows). Our experiments show that Vortex can selectively aggregate traffic to a virtual machine backend, effectively allowing two machines to share the same IP address transparently. We close with a discussion of the basic requirements for a large-scale CSW deployment.

Original language	English (US)
Title of host publication	Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings
Publisher	Springer Verlag
Pages	317-336
Number of pages	20
ISBN (Print)	9783540743194
DOIs	https://doi.org/10.1007/978-3-540-74320-0_17
State	Published - 2007
Event	10th Symposium on Recent Advances in Intrusion Detection, RAID 2007 - Gold Coast, Australia Duration: Sep 5 2007 → Sep 7 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4637 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	10th Symposium on Recent Advances in Intrusion Detection, RAID 2007
Country/Territory	Australia
City	Gold Coast
Period	9/5/07 → 9/7/07

Keywords

Honeynets
Honeypots
Volunteer systems
Wormholes

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-74320-0_17

Cite this

Lange, J. R., Dinda, P. A., & Bustamante, F. E. (2007). Vortex: Enabling cooperative selective wormholing for network security systems. In Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings (pp. 317-336). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4637 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-74320-0_17

Lange, John R. ; Dinda, Peter A ; Bustamante, Fabian E. / Vortex : Enabling cooperative selective wormholing for network security systems. Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings. Springer Verlag, 2007. pp. 317-336 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{29a43709449a48deb18c8b16647d5b79,

title = "Vortex: Enabling cooperative selective wormholing for network security systems",

abstract = "We present a novel approach to remote traffic aggregation for Network Intrusion Detection Systems (NIDS) called Cooperative Selective Wormholing (CSW). Our approach works by selectively aggregating traffic bound for unused network ports on a volunteer's commodity PC. CSW could enable NIDS operators to cheaply and efficiently monitor large distributed portions of the Internet, something they are currently incapable of. Based on a study of several hundred hosts in a university network, we posit that there is sufficient heterogeneity in hosts' network service configurations to achieve a high degree of network coverage by re-using unused port space on client machines, We demonstrate Vortex, a proof-of-concept CSW implementation that runs on a wide range of commodity PCs (Unix and Windows). Our experiments show that Vortex can selectively aggregate traffic to a virtual machine backend, effectively allowing two machines to share the same IP address transparently. We close with a discussion of the basic requirements for a large-scale CSW deployment.",

keywords = "Honeynets, Honeypots, Volunteer systems, Wormholes",

author = "Lange, {John R.} and Dinda, {Peter A} and Bustamante, {Fabian E}",

year = "2007",

doi = "10.1007/978-3-540-74320-0_17",

language = "English (US)",

isbn = "9783540743194",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "317--336",

booktitle = "Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings",

note = "10th Symposium on Recent Advances in Intrusion Detection, RAID 2007 ; Conference date: 05-09-2007 Through 07-09-2007",

}

Lange, JR, Dinda, PA & Bustamante, FE 2007, Vortex: Enabling cooperative selective wormholing for network security systems. in Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4637 LNCS, Springer Verlag, pp. 317-336, 10th Symposium on Recent Advances in Intrusion Detection, RAID 2007, Gold Coast, Australia, 9/5/07. https://doi.org/10.1007/978-3-540-74320-0_17

Vortex: Enabling cooperative selective wormholing for network security systems. / Lange, John R.; Dinda, Peter A ; Bustamante, Fabian E.
Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings. Springer Verlag, 2007. p. 317-336 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4637 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Vortex

T2 - 10th Symposium on Recent Advances in Intrusion Detection, RAID 2007

AU - Lange, John R.

AU - Dinda, Peter A

AU - Bustamante, Fabian E

PY - 2007

Y1 - 2007

N2 - We present a novel approach to remote traffic aggregation for Network Intrusion Detection Systems (NIDS) called Cooperative Selective Wormholing (CSW). Our approach works by selectively aggregating traffic bound for unused network ports on a volunteer's commodity PC. CSW could enable NIDS operators to cheaply and efficiently monitor large distributed portions of the Internet, something they are currently incapable of. Based on a study of several hundred hosts in a university network, we posit that there is sufficient heterogeneity in hosts' network service configurations to achieve a high degree of network coverage by re-using unused port space on client machines, We demonstrate Vortex, a proof-of-concept CSW implementation that runs on a wide range of commodity PCs (Unix and Windows). Our experiments show that Vortex can selectively aggregate traffic to a virtual machine backend, effectively allowing two machines to share the same IP address transparently. We close with a discussion of the basic requirements for a large-scale CSW deployment.

AB - We present a novel approach to remote traffic aggregation for Network Intrusion Detection Systems (NIDS) called Cooperative Selective Wormholing (CSW). Our approach works by selectively aggregating traffic bound for unused network ports on a volunteer's commodity PC. CSW could enable NIDS operators to cheaply and efficiently monitor large distributed portions of the Internet, something they are currently incapable of. Based on a study of several hundred hosts in a university network, we posit that there is sufficient heterogeneity in hosts' network service configurations to achieve a high degree of network coverage by re-using unused port space on client machines, We demonstrate Vortex, a proof-of-concept CSW implementation that runs on a wide range of commodity PCs (Unix and Windows). Our experiments show that Vortex can selectively aggregate traffic to a virtual machine backend, effectively allowing two machines to share the same IP address transparently. We close with a discussion of the basic requirements for a large-scale CSW deployment.

KW - Honeynets

KW - Honeypots

KW - Volunteer systems

KW - Wormholes

UR - http://www.scopus.com/inward/record.url?scp=38149097613&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38149097613&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-74320-0_17

DO - 10.1007/978-3-540-74320-0_17

M3 - Conference contribution

AN - SCOPUS:38149097613

SN - 9783540743194

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 317

EP - 336

BT - Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings

PB - Springer Verlag

Y2 - 5 September 2007 through 7 September 2007

ER -

Lange JR, Dinda PA , Bustamante FE. Vortex: Enabling cooperative selective wormholing for network security systems. In Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings. Springer Verlag. 2007. p. 317-336. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-74320-0_17

Vortex: Enabling cooperative selective wormholing for network security systems

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this