TU Berlin

Main document

Literature Database Entry


Mohammad Ezzati, "Load Balancing Among Multiple Intrusion Detection Systems in SDN," Master's Thesis, Telecommunication Networks Group (TKN), TU Berlin (TUB), September 2021. (Advisor: Hossein Doroud; Referees: Falko Dressler and Thomas Sikora)


As networks expand, so does the potential for data loss or theft. Because in today’sworld, a lot of information is being transmitted over the network, causing intrudersto carry out more network attacks than before. So, networks should be protectedagainst attacks. Using Intrusion Detection System(IDS) as a second layer of defenceafter the Firewall can help achieve this goal. An IDS is a tool or software thatmonitors and detects malicious activities occurring in the network. Because of highvolume of the traffic in the network and the limitations of IDS resources, an IDScannot detect all network attacks properly. In addition, because of its placementin the network, it can only inspect packets in its own domain. This means thatthe protection coverage of an IDS is limited and can not cover the entire network.So in order to increase the protection coverage, IDS should be distributed in thenetwork. Distributed Intrusion Detection Systems(DIDS) brings more protectioncoverage in the network, but besides this great advantage, it also brings challengesor problems. In this way, if we do not distribute the traffic properly between theseIDSs in the network and do not balance the traffic among them, we do not use all oftheir capabilities and some of them may be can not detect more attacks due to theirheavy load.Software Defined Networking(SDN) have become popular in recent years and areincreasingly used because of its features. The main difference between these net-works and traditional networks is the separation of data plane from control plane.Due to this separation and the flexibility of these networks, it is easy to install andimplement new networking applications. Also, because of existence the controllerin SDN networks, which acts as the brain of the network, we can always have anoverall view of the network. Having this capability helps to manage the networktraffic and distribute it among the nodes better than traditional networks.In this thesis, by distributing the IDSs and also with the help of a SDN controller,I want to control the network traffic efficiently between the IDSs. I will addressthe issues that will arise with the implementation of DIDS. These problems are thedouble checking of the traffic between two subnets or overloading of one of the IDSsin the subdomain. Using the solutions presented in this thesis, I will improve the protection coverage at high speeds and balance the traffic efficiently between IDSsin defined issues.

Quick access

BibTeX BibTeX


Mohammad Ezzati

BibTeX reference

    author = {Ezzati, Mohammad},
    title = {{Load Balancing Among Multiple Intrusion Detection Systems in SDN}},
    advisor = {Doroud, Hossein},
    institution = {Telecommunication Networks Group (TKN)},
    location = {Berlin, Germany},
    month = {9},
    referee = {Dressler, Falko and Sikora, Thomas},
    school = {TU Berlin (TUB)},
    type = {Master's Thesis},
    year = {2021},

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.


Featured Paper