Conference Topic

Evaluating Intrusion Detection Systems in High Speed Networks

The recent era has witnessed a tremendous increase in the usage of computer network applications. Users of any type and requirement are compelled to be on a network. Today, the computer has become a network machine rather than a standalone system. This has generated challenges to the network security devices in terms of accuracy and reliability. Intrusion Detection Systems (IDS) are designed for the security needs of networks. Existing Network Intrusion Detection Systems (NIDS) are found to be limited in performance and utility, especially once subjected to heavy traffic conditions. It has been observed that NIDS become less effective even when presented with a bandwidth of a few hundred megabits per second. In this work, we have endeavored to identify the causes which lead to unsatisfactory performance of NIDSs. In this regard, we have conducted an extensive performance evaluation of an open source intrusion detection system (Snort). This has been done on a highly sophisticated testbench with different traffic conditions. We have also used different hardware and software platforms to determine the efficacy of the NIDS under test. Finally, in our results/analysis, we have identified the factors responsible for the limited performance of Snort. We have also recommended a few solutions for improving the performance of Snort.

Attacks; Intrusion Detection Systems (IDS); Network Traffic; Performance Evaluation; Snort

Faeiz Alserhani, Monis Akhlaq, Irfan U Awan, John Mellor, Andrea J Cullen, Pravin Mirchandani

Informatics Research Institute, University of Bradford, Bradford, BD7 1DP, United Kingdom; Informatics Research Institute, University of Bradford, Bradford, BD7 1DP, United Kingdom and Syphan Tec

International conference

The Fifth International Conference on Information Assurance and Security

Xi'an

English

454-459

2009-08-18 (date first posted online on the Wanfang platform; does not represent the paper's publication date)