• DocumentCode
    1802375
  • Title

    Evaluating Intrusion Detection Systems in High Speed Networks

  • Author

    Alserhani, Faeiz ; Akhlaq, Monis ; Awan, Irfan U. ; Mellor, John ; Cullen, Andrea J. ; Mirchandani, Pravin

  • Author_Institution
    Inf. Res. Inst., Univ. of Bradford, Bradford, UK
  • Volume
    2
  • fYear
    2009
  • fDate
    18-20 Aug. 2009
  • Firstpage
    454
  • Lastpage
    459
  • Abstract
    The recent era has witnessed tremendous increase in the usage of computer network applications. Users of any type and requirement are compelled to be on a network. Today, the computer has become a network machine rather than a standalone system. This has generated challenges to the network security devices in terms of accuracy and reliability.Intrusion Detection Systems (IDS) are designed for the security needs of networks. Existing Network Intrusion Detection Systems (NIDS) are found to be limited in performance and utility especially once subjected to heavy traffic conditions. It has been observed that NIDS become less effective even when presented with a bandwidth of a few hundred megabits per second. In this work, we have endeavored to identify the causes which lead to unsatisfactory performance of NIDSs. In this regard, we have conducted an extensive performance evaluation of an open source intrusion detection system (Snort). This has been done on a highly sophisticated test-bench with different traffic conditions. We have also used different hardware and software platforms to determine the efficacy of the NIDS under test. Finally, in our results/ analysis, we have identified the factors responsible for the limited performance of Snort. We have also recommended few solutions for improving the performance of Snort.
  • Keywords
    computer networks; reliability; security of data; high speed networks; intrusion detection systems; network security devices; network traffic; performance evaluation; reliability; Application software; Bandwidth; Computer network reliability; Computer networks; Hardware; High-speed networks; Intrusion detection; Open source software; Telecommunication traffic; Testing; Attacks; Intrusion Detection Systems (IDS); Network Tarffic; Performance Evaluation; Snort;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
  • Conference_Location
    Xi´an
  • Print_ISBN
    978-0-7695-3744-3
  • Type

    conf

  • DOI
    10.1109/IAS.2009.276
  • Filename
    5283223