Vortex: Enabling cooperative selective wormholing for network security systems

John R. Lange*, Peter A Dinda, Fabian E Bustamante

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present a novel approach to remote traffic aggregation for Network Intrusion Detection Systems (NIDS) called Cooperative Selective Wormholing (CSW). Our approach works by selectively aggregating traffic bound for unused network ports on a volunteer's commodity PC. CSW could enable NIDS operators to cheaply and efficiently monitor large distributed portions of the Internet, something they are currently incapable of. Based on a study of several hundred hosts in a university network, we posit that there is sufficient heterogeneity in hosts' network service configurations to achieve a high degree of network coverage by re-using unused port space on client machines. We demonstrate Vortex, a proof-of-concept CSW implementation that runs on a wide range of commodity PCs (Unix and Windows). Our experiments show that Vortex can selectively aggregate traffic to a virtual machine backend, effectively allowing two machines to share the same IP address transparently. We close with a discussion of the basic requirements for a large-scale CSW deployment.

Original language: English (US)
Title of host publication: Recent Advances in Intrusion Detection - 10th International Symposium, RAID 2007, Proceedings
Publisher: Springer Verlag
Pages: 317-336
Number of pages: 20
ISBN (Print): 9783540743194
State: Published - 2007
Event: 10th Symposium on Recent Advances in Intrusion Detection, RAID 2007 - Gold Coast, Australia
Duration: Sep 5 2007 → Sep 7 2007

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4637 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 10th Symposium on Recent Advances in Intrusion Detection, RAID 2007
Country: Australia
City: Gold Coast
Period: 9/5/07 → 9/7/07

Keywords

  • Honeynets
  • Honeypots
  • Volunteer systems
  • Wormholes

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)
