DocumentCode :
655270
Title :
Network Intrusion Detection Systems in High-Speed Traffic in Computer Networks
Author :
Bulajoul, Waleed ; James, Ashish ; Pannu, Mohinder
Author_Institution :
Fac. of Eng. & Comput., Coventry Univ., Coventry, UK
fYear :
2013
fDate :
11-13 Sept. 2013
Firstpage :
168
Lastpage :
175
Abstract :
With the various and increasingly malicious attacks on networks and wireless systems, traditional security tools such as anti-virus programs and firewalls are not sufficient to provide free, integrated, reliable and secure networks. Intrusion detection systems (IDSs) are one of the most tested and reliable technologies to monitor incoming and outgoing network traffic to identify unauthorized usage and mishandling of computer system networks. It is critical to implement network intrusion detection systems (NIDSs) in computer networks that have high traffic and high-speed connectivity. Software NIDSs are still unable to detect all the growing threats to high-speed environments, such as flood attacks (UDP, TCP, ICMP and HTTP) or Denial of Service and Distributed Denial of Service (DoS/DDoS) attacks, because the main function of these kinds of attacks is simply to send more traffic at high speed to systems to stop them or slow down their performance. Here we have designed a suitable real network to present experiments that use Snort NIDSs to demonstrate the weaknesses of NIDSs, such as their inability to process multiple packets at high speeds and their propensity to drop packets without analysing them. This paper outlines Snort NIDSs' failures in high-speed and heavy traffic and their propensity to drop more packets as the speed and volume of traffic increase. We ran some consecutive tests to analyse the Snort performance using the number of packets received, the number of packets analysed, the number of packets filtered and the number of packets dropped. We suggest a parallel NIDS technology to reduce dropping packets as a solution.
Keywords :
computer network security; telecommunication traffic; DoS/DDoS; HTTP; ICMP; Snort NIDSs; Snort performance analysis; TCP; UDP; computer networks; distributed denial of service attacks; flood attacks; high-speed traffic; incoming network traffic monitoring; malicious attacks; network intrusion detection systems; outgoing network traffic monitoring; security tools; unauthorized usage identification; wireless systems; Computers; Intrusion detection; Monitoring; Protocols; Software; Telecommunication traffic; IDS; network security; open source;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
e-Business Engineering (ICEBE), 2013 IEEE 10th International Conference on
Conference_Location :
Coventry
Type :
conf
DOI :
10.1109/ICEBE.2013.26
Filename :
6686259