Evaluating Intrusion Detection Systems in High Speed Networks

Alserhani, Faeiz; Akhlaq, Monis; Awan, Irfan; Mellor, John; Cullen, Andréa; Mirchandani, Pravin

doi:10.1109/ias.2009.276

Cited by 10 publications

(4 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A general NIDS without any hardware or software accelerations can just process packets at Kpps (packets per second) or Mbps (bits per second) [3][4][5]. In order to promote the processing speed, multicore-based string matching has been studied.…”

Section: Related Workmentioning

confidence: 99%

An Embedded NIDS with Multi-core Aware Packet Capture

Hsu

Wang

2013

2013 IEEE 16th International Conference on Computational Science and Engineering

View full text Add to dashboard Cite

Network security has been a serious problem in the Internet. To face this issue, network intrusion detection tools have become indispensable for computer systems and network gateways. In this paper we propose an embedded, multi-core aware network intrusion detection system (NIDS), which has the following features: 1) It integrates a novel multi-core aware packet capture module, called the MCA ring, and an NIDS. 2) It exploits a zero-copy mechanism to remove the overheads of packet copy processing from the network interface driver to the NIDS application. 3) It uses the concept of process and IRQ affinity to enhance the processing speed. The performance of NIDS under different packet capture modules in multi-gigabits networks has also been analyzed and presented in this paper. The results show that our integrated multi-core aware MCA ring and NIDS is effective for detecting network intrusion attacks in multigigabits networks.

show abstract

Section: Related Workmentioning

confidence: 99%

An Embedded NIDS with Multi-core Aware Packet Capture

Hsu

Wang

2013

2013 IEEE 16th International Conference on Computational Science and Engineering

View full text Add to dashboard Cite

show abstract

“…Conventional software-programmable processors are sorely pressed to keep up with these speeds. A recent evaluation of the popular network intrusion detection system Snort showed that such a software system can scan only up to 200 Mb/s without noticeable packet loss on a standard CPU [1].…”

Section: Introductionmentioning

confidence: 99%

NetStage/DPR: A self-reconfiguring platform for active and passive network security operations

Mühlbach

Koch

2012

Microprocessors and Microsystems

View full text Add to dashboard Cite

“…While employing the NIDS can detect and monitor network based threats without violating network policies, all packets in the entire network may not be completely analysed, and thus may cause a considerable delay in high-speed and heavy-load network environments [2,10,[18][19][20]. Therefore, it is vital that the NIDS should be able to deal with a large amount of traffic in a short time frame where all variations of network deployment, e.g., network speed, bandwidth, hardware resources, memory and processing power, need to be taken into account, and several nodes can be used in parallel and concurrently.…”

Section: Related Workmentioning

confidence: 99%

“…However, they also bring huge security challenges to deal with security breaches, loss of private and confidential data or service disruption, etc. in order to provide a perfect security mechanism for their clients or customers [1][2][3][4].…”

Section: Introductionmentioning

confidence: 99%

A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

et al. 2017

View full text Add to dashboard Cite

Abstract:As one of the most reliable technologies, network intrusion detection system (NIDS) allows the monitoring of incoming and outgoing traffic to identify unauthorised usage and mishandling of attackers in computer network systems. To this extent, this paper investigates the experimental performance of Snort-based NIDS (S-NIDS) in a practical network with the latest technology in various network scenarios including high data speed and/or heavy traffic and/or large packet size. An effective testbed is designed based on Snort using different muti-core processors, e.g., i5 and i7, with different operating systems, e.g., Windows 7, Windows Server and Linux. Furthermore, considering an enterprise network consisting of multiple virtual local area networks (VLANs), a centralised parallel S-NIDS (CPS-NIDS) is proposed with the support of a centralised database server to deal with high data speed and heavy traffic. Experimental evaluation is carried out for each network configuration to evaluate the performance of the S-NIDS in different network scenarios as well as validating the effectiveness of the proposed CPS-NIDS. In particular, by analysing packet analysis efficiency, an improved performance of up to 10% is shown to be achieved with Linux over other operating systems, while up to 8% of improved performance can be achieved with i7 over i5 processors.

show abstract

Evaluating Intrusion Detection Systems in High Speed Networks

Cited by 10 publications

References 3 publications

An Embedded NIDS with Multi-core Aware Packet Capture

An Embedded NIDS with Multi-core Aware Packet Capture

NetStage/DPR: A self-reconfiguring platform for active and passive network security operations

A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

Contact Info

Product

Resources

About