[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Implementation and Evaluation of Network Intrusion Detection Systems

  • Chapter
Network Performance Engineering

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 5233))

Abstract

Performance evaluation of Network Intrusion Detection Systems (NIDS) has been carried out to identify its limitations in high speed environment. This has been done by employing evasive and avoidance strategies simulating real-life normal and attack traffic flows on a sophisticated Test-Bench. Snort, an open source Intrusion Detection System, has been selected as an evaluation platform. In this paper, Snort has been evaluated on host and virtual configurations using different operating systems and hardware implementations. Evaluation methodology is based on the concept of stressing the system by injecting various traffic loads (packet sizes, bandwidth and attack signatures) and analyzing its packet handling and detection capacity. We have observed few performance issues with Snort which has resulted into packet drop and low detection rate. Finally, we have analyzed the factors responsible for it and have recommended techniques to improve systems packet handling and detection capability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 93.50
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. John, D., Tessel, S., Young, F.L.: The Hackers Handbook. Auerbach Publications, New York (2004)

    Google Scholar 

  2. Intrusion Detection Systems (IDS) Part 2, Classification; methods; techniques, http://www.windowsecurity.com/articles/IDS-Part2-Classification-methods-techniques.html04

  3. Infrastructure Security Report- ARBOR Networks, http://www.arbornetworks.com/report

  4. Snort, http://www.Snort.org

  5. Paulauskas, N., Sjudutis, J.: Investigation of the Intrusion Detection System “Snort” Performance. Journal of Electrical and Electronics Engineering (2008)

    Google Scholar 

  6. Andrew, R.B., Joel, E.: Snort IDS and IPS Toolkit, Syngress, Canada (2007)

    Google Scholar 

  7. Case, J., Fedor, M., Schoffstall, M., Davin, J.: Simple Network Management Protocol (SNMP), Network Security Research Group, RFC 1157 (1990)

    Google Scholar 

  8. Wu, S., Manber, U.: AGREP, A Fast Approximate Pattern-Matching Tool. In: Proc. of USENIX Winter 1992 Technical Conference, San Francisco, CA, pp. 153–162 (1992)

    Google Scholar 

  9. ProCurve Series 2900 Switch, http://www.hp.com/rnd/products/switches/HP_ProCurveSwitch2900Seriesoverview.htm

  10. Akhlaq, M., Alserhani, F., Awan, I.U., Mellor, J., Cullen, A.J., Mirchandani, P.: Virtualization Efficacy for Network Intrusion Detection Systems in High-speed Networks. In: Weerasinghe, D. (ed.) IS&DF, vol. 41, pp. 26–41. Springer, Heidelberg (2010)

    Google Scholar 

  11. NetCPS, http://www.netchain.com/NetCPS

  12. Tfgen, http://www.st.rim.or.jp/~yumo/pub/tfgen

  13. Http Traffic Generator, http://www.nsauditor.com/

  14. LAN Traffic V2, http://www.topshareware.com/lan-traffic-v2/downloads/1.htm

  15. D-ITG V2.6, http://www.grid.unina.it/Traffic/index.php

  16. Hping V 2, http://www.hping.org/download.html

  17. Metasploit Framework, http://www.metasploit.com/

  18. Bandwidth Monitor, http://www.sourceforge.net/projects

  19. Nload, http://www.sourceforge.net/projects/nload/

  20. Windows XP SP2, http://www.softwarepatch.com/windows/xpsp2.html

  21. Linux 2.6, http://www.kernel.org/

  22. Windows Server 2008, http://www.microsoft.com/windows_server2008/en/us/default.aspx

  23. Free BSD 7.1, http://www.freebsd.org/where.html

  24. An Introduction to Virtualization, http://www.kernelthread.com/publications/virtualization

  25. Business value of virtualization: Realizing the benefits of integrated solutions, http://h18000.www1.hp.com/products/servers/management/vse/Biz_Virtualization_WhitePaper.pdf

  26. Virtualization, http://www.windowsecurity.com/whitepapers/Virtualization.html

  27. Linux NAPI, http://www.linuxfoundation.org/collaborate/workgroups/networking/napi

  28. Berkley Packet Filter, http://www.freebsd.org/releases/7.1R/relnotes.htm

  29. VM Ware Server, http://www.vmware.com/products/server/

  30. SATA Technology, http://www.serialata.org/

  31. Disk Queue Length Counter, http://www.windowsnetworking.com/articles_tutorials/

  32. Alserhani, F., Akhlaq, M., Awan, I.U., Cullen, A.J., Mellor, J., Mirchandani, P.: Evaluating Intrusion Detection Systems in High Speed Networks. In: Proceeding of Fifth IEEE Conf. of Information Assurance and Security, IAS (2009)

    Google Scholar 

  33. Subhan, A., Akhlaq, M., Alserhani, F., Awan, I., Cullen, A., Mellor, J., Mirchandani, P.: Smart Logic - Preventing Packet Drop in High Speed Network Intrusion Detection Systems. In: Weerasinghe, D. (ed.) IS&DF, vol. 41, pp. 57–65. Springer, Heidelberg (2010)

    Google Scholar 

  34. Akhlaq, M., Alserhani, F., Subhan, A., Awan, I.U., Mellor, J., Mirchandani, P.: High Speed NIDS using Dynamic Cluster and Comparator Logic. In: Proc. of 2010 IEEE 10th International Conference on Computer and Information Technology (CIT), pp. 575–581 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Akhlaq, M., Alserhani, F., Awan, I., Mellor, J., Cullen, A.J., Al-Dhelaan, A. (2011). Implementation and Evaluation of Network Intrusion Detection Systems. In: Kouvatsos, D.D. (eds) Network Performance Engineering. Lecture Notes in Computer Science, vol 5233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02742-0_42

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-02742-0_42

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02741-3

  • Online ISBN: 978-3-642-02742-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics