A low-cost, connection aware, load-balancing solution for distributing Gigabit Ethernet traffic between two intrusion detection systems

In today's world of computer networking, Gigabit Ethernet is quickly becoming the norm for connectivity in computer networks. The ease of access to information on these networks leads to new information being made available daily. Rises in both malicious users and malicious network traffic increase the need for intrusion detection systems to monitor network traffic. However, intrusion detection systems capable of processing network traffic at the rate necessary for Gigabit Ethernet are typically expensive. An alternative to purchasing one of these systems is to use multiple, cheaper intrusion detection systems and run them in parallel. This requires that traffic be distributed to these intrusion detection systems such that their traffic monitoring activity is unaffected. For typical intrusion detection systems this means that all traffic belonging to a single connection cannot be separated. This thesis presents the design and implementation of a low-cost, connection aware, load balancing solution capable of distributing traffic to two intrusion detection systems while ensuring that all traffic for a given connection is not separated.