Abstract
Performance evaluation of Network Intrusion Detection Systems (NIDS) has been carried out to identify its limitations in high speed environment. This has been done by employing evasive and avoidance strategies simulating real-life normal and attack traffic flows on a sophisticated Test-Bench. Snort, an open source Intrusion Detection System, has been selected as an evaluation platform. In this paper, Snort has been evaluated on host and virtual configurations using different operating systems and hardware implementations. Evaluation methodology is based on the concept of stressing the system by injecting various traffic loads (packet sizes, bandwidth and attack signatures) and analyzing its packet handling and detection capacity. We have observed few performance issues with Snort which has resulted into packet drop and low detection rate. Finally, we have analyzed the factors responsible for it and have recommended techniques to improve systems packet handling and detection capability.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
John, D., Tessel, S., Young, F.L.: The Hackers Handbook. Auerbach Publications, New York (2004)
Intrusion Detection Systems (IDS) Part 2, Classification; methods; techniques, http://www.windowsecurity.com/articles/IDS-Part2-Classification-methods-techniques.html04
Infrastructure Security Report- ARBOR Networks, http://www.arbornetworks.com/report
Snort, http://www.Snort.org
Paulauskas, N., Sjudutis, J.: Investigation of the Intrusion Detection System “Snort” Performance. Journal of Electrical and Electronics Engineering (2008)
Andrew, R.B., Joel, E.: Snort IDS and IPS Toolkit, Syngress, Canada (2007)
Case, J., Fedor, M., Schoffstall, M., Davin, J.: Simple Network Management Protocol (SNMP), Network Security Research Group, RFC 1157 (1990)
Wu, S., Manber, U.: AGREP, A Fast Approximate Pattern-Matching Tool. In: Proc. of USENIX Winter 1992 Technical Conference, San Francisco, CA, pp. 153–162 (1992)
ProCurve Series 2900 Switch, http://www.hp.com/rnd/products/switches/HP_ProCurveSwitch2900Seriesoverview.htm
Akhlaq, M., Alserhani, F., Awan, I.U., Mellor, J., Cullen, A.J., Mirchandani, P.: Virtualization Efficacy for Network Intrusion Detection Systems in High-speed Networks. In: Weerasinghe, D. (ed.) IS&DF, vol. 41, pp. 26–41. Springer, Heidelberg (2010)
NetCPS, http://www.netchain.com/NetCPS
Http Traffic Generator, http://www.nsauditor.com/
LAN Traffic V2, http://www.topshareware.com/lan-traffic-v2/downloads/1.htm
D-ITG V2.6, http://www.grid.unina.it/Traffic/index.php
Hping V 2, http://www.hping.org/download.html
Metasploit Framework, http://www.metasploit.com/
Bandwidth Monitor, http://www.sourceforge.net/projects
Windows XP SP2, http://www.softwarepatch.com/windows/xpsp2.html
Linux 2.6, http://www.kernel.org/
Windows Server 2008, http://www.microsoft.com/windows_server2008/en/us/default.aspx
Free BSD 7.1, http://www.freebsd.org/where.html
An Introduction to Virtualization, http://www.kernelthread.com/publications/virtualization
Business value of virtualization: Realizing the benefits of integrated solutions, http://h18000.www1.hp.com/products/servers/management/vse/Biz_Virtualization_WhitePaper.pdf
Virtualization, http://www.windowsecurity.com/whitepapers/Virtualization.html
Linux NAPI, http://www.linuxfoundation.org/collaborate/workgroups/networking/napi
Berkley Packet Filter, http://www.freebsd.org/releases/7.1R/relnotes.htm
VM Ware Server, http://www.vmware.com/products/server/
SATA Technology, http://www.serialata.org/
Disk Queue Length Counter, http://www.windowsnetworking.com/articles_tutorials/
Alserhani, F., Akhlaq, M., Awan, I.U., Cullen, A.J., Mellor, J., Mirchandani, P.: Evaluating Intrusion Detection Systems in High Speed Networks. In: Proceeding of Fifth IEEE Conf. of Information Assurance and Security, IAS (2009)
Subhan, A., Akhlaq, M., Alserhani, F., Awan, I., Cullen, A., Mellor, J., Mirchandani, P.: Smart Logic - Preventing Packet Drop in High Speed Network Intrusion Detection Systems. In: Weerasinghe, D. (ed.) IS&DF, vol. 41, pp. 57–65. Springer, Heidelberg (2010)
Akhlaq, M., Alserhani, F., Subhan, A., Awan, I.U., Mellor, J., Mirchandani, P.: High Speed NIDS using Dynamic Cluster and Comparator Logic. In: Proc. of 2010 IEEE 10th International Conference on Computer and Information Technology (CIT), pp. 575–581 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Akhlaq, M., Alserhani, F., Awan, I., Mellor, J., Cullen, A.J., Al-Dhelaan, A. (2011). Implementation and Evaluation of Network Intrusion Detection Systems. In: Kouvatsos, D.D. (eds) Network Performance Engineering. Lecture Notes in Computer Science, vol 5233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02742-0_42
Download citation
DOI: https://doi.org/10.1007/978-3-642-02742-0_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02741-3
Online ISBN: 978-3-642-02742-0
eBook Packages: Computer ScienceComputer Science (R0)