• DocumentCode
    2845593
  • Title
    Performance analysis in Intrusion Detection and Prevention Systems
  • Author
    Alsubhi, Khalid ; Bouabdallah, Nizar ; Boutaba, Raouf
  • Author_Institution
    David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
  • fYear
    2011
  • fDate
    23-27 May 2011
  • Firstpage
    369
  • Lastpage
    376
  • Abstract
    Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Although many IDPS have been proposed, configuring and controlling them for effective attack detection/prevention and efficient resource consumption has always been challenging. Evaluating IDPS performance for a given security configuration is a crucial step toward improving real-time capability. This paper analyzes the impact of security enforcement levels on the performance and usability of an enterprise information system. We develop a new analytical model to investigate the relationship between IDPS performance and rule mode selection. In particular, we analyze the IDPS rule-checking process, along with its consequent action (i.e., alert or drop), in terms of the resulting network security and the average service time per event. Simulations were conducted to validate the performance analysis. Our results show that applying different sets of rule categories and configuration parameters impacts the average service time and affects system security. The results demonstrate that it is desirable to strike a balance between system security and network performance.
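    The trade-off the abstract describes (rule mode selection, alert versus drop, against average service time per event and resulting security) can be made concrete with a small discrete simulation. The block below is an added illustration written for this record; it is not the paper's analytical model and not code from the authors. Everything in it is assumed: the rule set (four hypothetical signatures with made-up per-check inspection costs), the fixed base cost per event, the sample traffic (constructed, including one benign request that trips the sqli signature), and the processing model, in which every enabled rule that is checked adds its cost, an alert-mode match is logged and matching continues, and a drop-mode match ends processing so the event is not delivered.

```python
"""Toy IDPS rule-mode simulation (added example, not the paper's model).

Assumed model: events pass through an ordered rule chain. Each checked rule
adds its inspection cost; 'alert' logs a match and continues, 'drop' stops
and discards the event, 'disabled' rules are skipped at no cost.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

DISABLED, ALERT, DROP = "disabled", "alert", "drop"
BASE_COST = 1.0  # assumed fixed cost (arbitrary time units) to receive/forward one event


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[str], bool]  # hypothetical signature over the payload
    cost: float                     # assumed inspection cost per check


# Hypothetical rule set; signatures and costs are made up for this example.
RULES: List[Rule] = [
    Rule("sqli",  lambda p: "' OR" in p,           3.0),
    Rule("xss",   lambda p: "<script" in p,        2.0),
    Rule("scan",  lambda p: p.startswith("PROBE"), 1.0),
    Rule("shell", lambda p: "/bin/sh" in p,        4.0),
]

# Constructed sample traffic: (payload, is_malicious). The benign /docs request
# contains "' OR" and therefore trips the sqli signature (a false positive).
EVENTS: List[Tuple[str, bool]] = [
    ("GET /index.html", False),
    ("GET /login?user=admin' OR 1=1", True),
    ("POST /comment body=<script>alert(1)</script>", True),
    ("PROBE /admin", True),
    ("GET /img/logo.png", False),
    ("POST /upload cmd=/bin/sh -c id", True),
    ("GET /search?q=books", False),
    ("GET /docs?q=' OR operator", False),
    ("GET /about", False),
    ("POST /api/data", False),
]


def process_event(payload: str, modes: Dict[str, str]) -> Tuple[float, bool, List[str]]:
    """Run one event through the chain; returns (service_time, delivered, fired_rules)."""
    service_time = BASE_COST
    fired: List[str] = []
    for rule in RULES:
        mode = modes.get(rule.name, DISABLED)
        if mode == DISABLED:
            continue                    # not checked, so no inspection cost
        service_time += rule.cost       # the check is paid for whether or not it matches
        if rule.matches(payload):
            fired.append(rule.name)
            if mode == DROP:
                return service_time, False, fired   # prevention: stop here
    return service_time, True, fired


def evaluate(modes: Dict[str, str], events=EVENTS) -> Dict[str, float]:
    """Aggregate per-event outcomes for one rule-mode configuration."""
    total_time = 0.0
    malicious_delivered = benign_dropped = alerts = 0
    for payload, is_malicious in events:
        t, delivered, fired = process_event(payload, modes)
        total_time += t
        alerts += len(fired)
        if is_malicious and delivered:
            malicious_delivered += 1    # attack reached the protected system
        if not is_malicious and not delivered:
            benign_dropped += 1         # usability cost of prevention mode
    return {
        "avg_service_time": total_time / len(events),
        "malicious_delivered": malicious_delivered,
        "benign_dropped": benign_dropped,
        "alerts": alerts,
    }


def compare_configurations() -> Dict[str, Dict[str, float]]:
    """Evaluate four hypothetical configurations over the same constructed traffic."""
    names = [r.name for r in RULES]
    configs = {
        "all_disabled": {n: DISABLED for n in names},
        "all_alert": {n: ALERT for n in names},
        "all_drop": {n: DROP for n in names},
        # keep the false-positive-prone signature in alert mode, drop on the rest
        "sqli_alert_rest_drop": {n: (ALERT if n == "sqli" else DROP) for n in names},
    }
    return {name: evaluate(modes) for name, modes in configs.items()}


if __name__ == "__main__":
    for name, result in compare_configurations().items():
        print(f"{name:22s} {result}")
```

    Under these assumptions, all_alert gives full visibility but every event pays for the whole chain and every attack is still delivered; all_drop blocks all four attacks and actually lowers the average service time, because matched events leave the chain early, but it also drops the benign /docs request; moving the sqli rule back to alert mode removes that false-positive drop at the price of letting the SQL injection through and paying more per event. The point is the one the abstract makes: mode selection per rule category shifts both service time and security, and neither extreme is obviously right.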
  • Keywords
    security of data; IDPS; enterprise information system; intrusion detection and/or prevention systems; performance analysis; proper function; real-time capability; security enforcement; security function; Security Configuration; Security Management; Security Performance Evaluation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Network Management (IM), 2011 IFIP/IEEE International Symposium on
  • Conference_Location
    Dublin
  • Print_ISBN
    978-1-4244-9219-0
  • Electronic_ISBN
    978-1-4244-9220-6
  • Type
    conf
  • DOI
    10.1109/INM.2011.5990713
  • Filename
    5990713