Capacity Verification for High Speed Network Intrusion Detection Systems

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2516))

Abstract

Commercially available Network Intrusion Detection Systems (NIDS) came onto the market over six years ago. These systems have gained acceptance as a viable means of monitoring the security of consumer networks, yet no commercial standards exist to help consumers understand the capacity characteristics of these devices. Existing NIDS tests are flawed: they resemble the tests used for other networking equipment, such as switches and routers. However, switches and routers do not conduct the same level of deep packet inspection, nor do they require the higher-level protocol awareness that a NIDS demands. Therefore, current testing does not allow consumers to infer the performance they can expect in their own environment. Designing a new set of tests specific to the weak areas, or bottlenecks, of a NIDS is the key to discovering metrics that are meaningful to consumers. Any consumer of NIDS technology can then examine the metrics used in the tests and profile his network traffic against these same metrics. The consumer can then use standard test results to accurately predict performance on his network. This paper proposes a test methodology for standardized capacity benchmarking of NIDS. The methodology starts by examining the bottlenecks in a NIDS, maps these bottlenecks to metrics that can be tested, and then explores some results from tests conducted.

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hall, M., Wiley, K. (2002). Capacity Verification for High Speed Network Intrusion Detection Systems. In: Wespi, A., Vigna, G., Deri, L. (eds) Recent Advances in Intrusion Detection. RAID 2002. Lecture Notes in Computer Science, vol 2516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36084-0_13

  • DOI: https://doi.org/10.1007/3-540-36084-0_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00020-4

  • Online ISBN: 978-3-540-36084-1

  • eBook Packages: Springer Book Archive
