Browse Prior Art Database

Improved Intrusion Detection with Grid Computing Disclosure Number: IPCOM000109090D
Original Publication Date: 2005-Mar-23
Included in the Prior Art Database: 2005-Mar-23
Document File: 1 page(s) / 29K

Publishing Venue



A method to improve the performance of network intrusion detection using grid computing

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 100% of the total text.

Page 1 of 1

Improved Intrusion Detection with Grid Computing

Disclosed is a mechanism to enable intrustion detection software to match more event signatures, without having to spend money on additional CPUs. Intrustion detection is computationally intensive. Therefore, most intrusion detection products, such as RealSecure* Network 10/100, keep a queue of events to process. When that queue gets above a certain length, the intrusion detection product stops matching low priority event signatures.

Instead of not matching those event signatures, the intrustion detection product could send the event queue and the list of signatures to an idle computer, using grid computing. Doing this will result in a slower alert (since grid computing is not as fast as using the local CPU of a dedicated machine) than if the pattern was matched locally. However, a slower alert is preferable to no alert at all.

This will improve the reliability of a network intrusion detection system without an additional cost.

* Trademark of Internet Security Systems, Inc.