Implementation and Performance Evaluation of Intrusion Detection Systems under high-speed networks

High-speed networks require high-performance intrusion detection systems (IDS) that can process a large amount of data in real time, so an IDS must be evaluated before it is deployed in such an environment. In this paper, we present an evaluation approach, based on a series of tests, that measures the performance of the components of an IDS and their effects on the entire system, and studies the effect of the characteristics of the deployment environment on the efficiency of the IDS. We implemented the IDS SNORT on machines with different technical characteristics and designed a network to generate a set of experiments measuring the performance obtained when the IDS is deployed in high-speed networks. Our experiments revealed the weaknesses of the IDS in a precise way: mainly, the inability to process multiple packets and the propensity to drop packets without analysis in high-speed networks with heavy traffic. Our work also determined the effect of a component on the entire system and the effect of hardware characteristics on the performance of an IDS.
