Abstract:
Intrusion Prevention System (IPS) sensors represent the initial security barrier of a network. A main challenge in today's Internet environment is the amount of traffic these devices have to inspect. This paper presents a linear program for traffic scheduling in multi-sensor environments that alleviates inspection load at sensors. The model uses a per-flow alarm rate metric which quantifies the ratio of the amount of traffic that matches the configured signatures to the amount of traffic inspected. Traffic flows can be classified based on the metric, which permits the efficient use of computational resources to inspect suspicious traffic. Numerical results demonstrate how the proposed model can be used in enterprise networks. While the linear program is not constrained to integral solutions, traffic flows are mostly scheduled for inspection to a single sensor, which facilitates the collection of state information. This feature is essential to detect malicious traffic characterized by composite signatures.
Date of Conference: 09-11 July 2015
Date Added to IEEE Xplore: 12 October 2015