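@comment{Vortex, RAID 2007: a proof-of-concept Cooperative Selective Wormholing (CSW) implementation that aggregates traffic bound for unused ports on volunteer hosts for NIDS monitoring. Given names are stored without the literal escaped braces of the original export, and the DOI is stored bare for url-aware styles; a style that prints the doi field as plain text would need the underscore escaped again.}
@inproceedings{ef70f70c1890476bbbf4ac4f6736b444,
  author    = {Lange, John R. and Dinda, Peter A. and Bustamante, Fabi{\'a}n E.},
  title     = {{Vortex}: Enabling cooperative selective wormholing for network security systems},
  booktitle = {Recent Advances in Intrusion Detection - 10th International Symposium, {RAID} 2007, Proceedings},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer Verlag},
  pages     = {317--336},
  year      = {2007},
  doi       = {10.1007/978-3-540-74320-0_17},
  isbn      = {9783540743194},
  language  = {English},
  keywords  = {Honeynets, Honeypots, Volunteer systems, Wormholes},
  abstract  = {We present a novel approach to remote traffic aggregation for Network Intrusion Detection Systems (NIDS) called Cooperative Selective Wormholing (CSW). Our approach works by selectively aggregating traffic bound for unused network ports on a volunteer's commodity PC. CSW could enable NIDS operators to cheaply and efficiently monitor large distributed portions of the Internet, something they are currently incapable of. Based on a study of several hundred hosts in a university network, we posit that there is sufficient heterogeneity in hosts' network service configurations to achieve a high degree of network coverage by re-using unused port space on client machines. We demonstrate Vortex, a proof-of-concept CSW implementation that runs on a wide range of commodity PCs (Unix and Windows). Our experiments show that Vortex can selectively aggregate traffic to a virtual machine backend, effectively allowing two machines to share the same IP address transparently. We close with a discussion of the basic requirements for a large-scale CSW deployment.},
  note      = {10th International Symposium on Recent Advances in Intrusion Detection, RAID 2007 ; Conference date: 05-09-2007 Through 07-09-2007},
}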