Improving network intrusion detection system performance through quality of service configuration and parallel technology

Tools

Bul'ajoul, W. ORCID: 0000-0003-4927-9500, James, A. ORCID: 0000-0001-9274-7803 and Pannu, M., 2015. Improving network intrusion detection system performance through quality of service configuration and parallel technology. Journal of Computer and System Sciences, 81 (6), pp. 981-999. ISSN 0022-0000

Preview

Text
PubSub10365_James.pdf - Pre-print
Download (1MB) | Preview

Official URL: http://doi.org/10.1016/j.jcss.2014.12.012

Abstract

This paper outlines an innovative software development that utilizes Quality of Service (QoS) and parallel technologies in Cisco Catalyst Switches to increase the analytical performance of a Network Intrusion Detection and Protection System (NIDPS) when deployed in highspeed networks. We have designed a real network to present experiments that use a Snort NIDPS. Our experiments demonstrate the weaknesses of NIDPSes, such as inability to process multiple packets and propensity to drop packets in heavy traffic and high-speed networks without analysing them. We tested Snort’s analysis performance, gauging the number of packets sent, analysed, dropped, filtered, injected, and outstanding. We suggest using QoS configuration technologies in a Cisco Catalyst 3560 Series Switch and parallel Snorts to improve NIDPS performance and to reduce the number of dropped packets. Our results show that our novel configuration improves performance.

Item Type:

Journal article

Publication Title:

Journal of Computer and System Sciences

Creators:

Bul'ajoul, W., James, A. and Pannu, M.

Publisher:

Elsevier Inc.

Date:

September 2015

Volume:

Number: