Abstract:
Signature-based Network Intrusion Detection Systems (NIDS) are the state of the art for precise attack detection. Running multiple NIDS instances in parallel is considered the most promising way to scale their processing speed to high-speed networks. This can be realized by (1) distributing the network traffic among multiple NIDS instances to reduce the network load per system, or (2) distributing the signatures (rules) among multiple NIDS instances to reduce the workload per packet. In this paper, we study distribution strategies targeting the application and transport layers for both the traffic and the rule distribution approach. In addition, we investigate the importance of considering processing-speed optimization already in the rule development phase. Our experiments show that, in general, traffic distribution performs slightly better than rule distribution in terms of packet drop and alert detection. With the transport-layer distribution strategy, traffic-distribution parallelization detects 1.6% more alerts and drops 6% fewer packets. We also show that optimizing the rule sets further improves processing speed significantly.
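The two parallelization strategies in the abstract, modelled in Python as an added illustration (this is not the paper's code, and its rule format, packets and round-robin rule partition are assumptions made for the example). Strategy (1) shards packets by a symmetric transport-layer 5-tuple hash so that each instance holds the full rule set and both directions of a connection reach the same instance; strategy (2) copies every packet to every instance while each instance evaluates only a slice of the rule set. The script reports, per instance, how many packets were inspected and how many rule evaluations were performed, and checks that both strategies raise the same alerts on the constructed traffic.

```python
"""Toy model of traffic distribution vs. rule distribution across N NIDS
instances. Added example; rules, packets and partitioning are constructed."""
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes


@dataclass(frozen=True)
class Rule:
    sid: int
    proto: str              # transport-layer selector
    port: Optional[int]     # service port, None = any (checked in both directions)
    content: bytes          # stand-in for a Snort/Suricata 'content:' substring


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Minimal signature check: protocol, optional service port, payload substring."""
    if rule.proto != pkt.proto:
        return False
    if rule.port is not None and rule.port not in (pkt.sport, pkt.dport):
        return False
    return rule.content in pkt.payload


def flow_shard(pkt: Packet, n: int) -> int:
    """Transport-layer traffic distribution: symmetric hash of the 5-tuple, so a
    request and its reply land on the same instance (stateful rules need this)."""
    ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    key = f"{pkt.proto}|{ends[0]}|{ends[1]}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n


def traffic_distribution(packets, rules, n):
    """Strategy (1): full rule set on every instance, each packet inspected once."""
    pkts_seen, evals, alerts = Counter(), Counter(), set()
    for pkt in packets:
        i = flow_shard(pkt, n)
        pkts_seen[i] += 1
        for r in rules:
            evals[i] += 1
            if rule_matches(r, pkt):
                alerts.add((r.sid, pkt))
    return pkts_seen, evals, alerts


def rule_distribution(packets, rules, n):
    """Strategy (2): every instance sees every packet but holds a rule slice.
    Round-robin slicing by rule position is an assumption of this example."""
    slices = [rules[i::n] for i in range(n)]
    pkts_seen, evals, alerts = Counter(), Counter(), set()
    for pkt in packets:
        for i, subset in enumerate(slices):
            pkts_seen[i] += 1           # the packet is decoded on every instance
            for r in subset:
                evals[i] += 1
                if rule_matches(r, pkt):
                    alerts.add((r.sid, pkt))
    return pkts_seen, evals, alerts


# Constructed rule set and traffic sample (not from the paper).
RULES = [
    Rule(1, "tcp", 80, b"/etc/passwd"),
    Rule(2, "tcp", 80, b"<script>"),
    Rule(3, "udp", 53, b"\x07example\x03com\x00"),
    Rule(4, "tcp", None, b"uid=0(root)"),
]
PACKETS = [
    Packet("10.0.0.5", "192.0.2.10", 40001, 80, "tcp", b"GET /../../etc/passwd HTTP/1.1"),
    Packet("192.0.2.10", "10.0.0.5", 80, 40001, "tcp", b"HTTP/1.1 200 OK\r\n\r\nroot:x:0:0:"),
    Packet("10.0.0.7", "192.0.2.10", 40002, 80, "tcp", b"GET /s?q=<script>alert(1) HTTP/1.1"),
    Packet("10.0.0.9", "192.0.2.53", 5353, 53, "udp", b"\x12\x34\x01\x00\x00\x01\x07example\x03com\x00"),
    Packet("10.0.0.9", "192.0.2.22", 40003, 4444, "tcp", b"uid=0(root) gid=0(root)\n"),
]


def compare(packets, rules, n):
    """Run both strategies and return per-instance load plus the alert SIDs raised."""
    t_seen, t_evals, t_alerts = traffic_distribution(packets, rules, n)
    r_seen, r_evals, r_alerts = rule_distribution(packets, rules, n)
    return {
        "traffic": {"packets": dict(t_seen), "rule_evals": dict(t_evals),
                    "sids": sorted({sid for sid, _ in t_alerts})},
        "rules":   {"packets": dict(r_seen), "rule_evals": dict(r_evals),
                    "sids": sorted({sid for sid, _ in r_alerts})},
    }


if __name__ == "__main__":
    for n in (2, 4):
        print(n, "instances:", compare(PACKETS, RULES, n))
```

Both strategies find the same alerts here, but the load profiles differ: under rule distribution every instance still has to receive and decode every packet (only the number of signatures evaluated per packet shrinks), whereas under traffic distribution the per-instance packet rate drops but each instance needs the whole rule set and the shard function must keep flow affinity. That replicated decoding cost is the practical reason per-instance packet drop tends to be worse under rule distribution, which is consistent with the direction of the abstract's result.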
Date of Conference: 19-23 June 2023
Date Added to IEEE Xplore: 21 July 2023