Effect of Network Traffic on IPS Performance

Abstract

The importance of network security has grown tremendously, and intrusion prevention/detection systems (IPS/IDS) have been widely developed to ensure the security of networks against suspicious threats. A network intrusion detection and prevention system collects traffic data, analyzes it against detection rules, and generates alerts or drops the traffic if necessary. However, IPS has problems such as signature accuracy, traffic volume, topology design, and monitoring sensors. In this paper, we examine in practice the effect of traffic on IPS performance. We first examine the detection of a DoS attack on a web server by an IPS, and then generate network traffic to see how it influences the behavior of the IPS in detecting the DoS attack.

Share and Cite:

S. Mohammadi, V. Allahvakil and M. Khaghani, "Effect of Network Traffic on IPS Performance," Journal of Information Security, Vol. 3 No. 2, 2012, pp. 162-168. doi: 10.4236/jis.2012.32019.

Conflicts of Interest

The authors declare no conflicts of interest.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.