• DocumentCode
    3082027
  • Title
    Rule Mode Selection in Intrusion Detection and Prevention Systems
  • Author
    Alsubhi, Khalid ; Alhazmi, Yassir ; Bouabdallah, Nizar ; Boutaba, Raouf
  • Author_Institution
    David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
  • fYear
    2011
  • fDate
    5-9 Dec. 2011
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Protection and performance are the major requirements for any Intrusion Detection and/or Prevention System (IDPS). Existing IDPSs do not seem to provide a satisfactory method of achieving these two conflicting goals. Intrusion Detection Systems (IDSs) fulfill the network performance requirement but exhibit poor protection under successive attacks. On the other hand, Intrusion Prevention Systems (IPSs) can protect the network by dropping the malicious packets that match any attacking pattern; however, this can have a negative impact on network performance in terms of delay as the attacking patterns increase. This results in a tradeoff between security enforcement levels on one hand and the performance and usability of an enterprise information system on the other. This paper aims to study the impact of security enforcement levels on the performance and usability of an enterprise information system. We propose a rule mode selection optimization technique that aims to determine an appropriate IDPS configuration set in order to maximize the security enforcement levels while avoiding any unnecessary network performance degradation. Simulation was conducted to validate our proposed technique. The results demonstrate that it is desirable to strike a balance between system security and network performance.
  • Keywords
    computer network performance evaluation; computer network security; management information systems; optimisation; pattern matching; IDPS configuration set; attack protection; attacking pattern matching; enterprise information system performance; enterprise information system usability; intrusion detection system; intrusion prevention system; malicious packet dropout; network performance requirement; rule mode selection optimization; security enforcement levels; Accuracy; Delay; Greedy algorithms; Optimization; Security; Time factors; Vectors
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Global Telecommunications Conference (GLOBECOM 2011), 2011 IEEE
  • Conference_Location
    Houston, TX, USA
  • ISSN
    1930-529X
  • Print_ISBN
    978-1-4244-9266-4
  • Electronic_ISBN
    1930-529X
  • Type
    conf
  • DOI
    10.1109/GLOCOM.2011.6134252
  • Filename
    6134252