Network Intrusion Detection Systems in High-Speed Traffic in Computer Networks

“…Our novel architecture addresses the weakness of NIDPS performance detection caused by increasing network traffic speed. The strength of this work over previous work is that in previous work [4,5], it was shown that analysis can fail in high speed and high volume traffic in terms of the fact that many packets are dropped or left outstanding and not analysed. But in analysis mode, dropped packets refer to packets that eventually do not get through to the destination and outstanding packets are those left unprocessed in the system.…”

“…IDPSs analyse collected information and infer more useful results than other security products [4,5]. However, some researchers have indicated that whilst IDPSs have significantly improved with the passage of time, they still often produce an unacceptable quantity of false positives and false negatives [4,10,11,12].…”

“…A number of successful attacks can be controlled using the prevention technique if an attack is detected at the interim stage of prevention systems. Unfortunately, some successful attacks can get through the prevention system [2,5]. In this instance, depending on preventive techniques is unlikely to resolve the issue, especially when an attacker has successfully obtained vulnerable information from the network; however, prevention can successfully and effectively maintain a network before an attack is launched.…”

“…IDPSs are capable of monitoring, identifying and reporting evidence of malicious activities and attacks, such as flood attacks, unauthorised log-ins, privilege escalation, illegitimate access, modification of data and datadriven attacks, [4,5]. Therefore, an IDPS sniffing mechanism is effectively applied at the network gateway, which provides useful information about packets and traffic to security professionals [4].…”

“…A popular system is the open-source Snort NIDPS. Our previous studies [4,5] have been carried out on the use of a Snort NIDPS in high speed networks. We found that in high speed and high volume environments, the Snort NIDPS drops packets.…”

Using Cisco Network Components to Improve NIDPS Performance

“…Our novel architecture addresses the weakness of NIDPS performance detection caused by increasing network traffic speed. The strength of this work over previous work is that in previous work [4,5], it was shown that analysis can fail in high speed and high volume traffic in terms of the fact that many packets are dropped or left outstanding and not analysed. But in analysis mode, dropped packets refer to packets that eventually do not get through to the destination and outstanding packets are those left unprocessed in the system.…”

“…IDPSs analyse collected information and infer more useful results than other security products [4,5]. However, some researchers have indicated that whilst IDPSs have significantly improved with the passage of time, they still often produce an unacceptable quantity of false positives and false negatives [4,10,11,12].…”

“…A number of successful attacks can be controlled using the prevention technique if an attack is detected at the interim stage of prevention systems. Unfortunately, some successful attacks can get through the prevention system [2,5]. In this instance, depending on preventive techniques is unlikely to resolve the issue, especially when an attacker has successfully obtained vulnerable information from the network; however, prevention can successfully and effectively maintain a network before an attack is launched.…”

“…IDPSs are capable of monitoring, identifying and reporting evidence of malicious activities and attacks, such as flood attacks, unauthorised log-ins, privilege escalation, illegitimate access, modification of data and datadriven attacks, [4,5]. Therefore, an IDPS sniffing mechanism is effectively applied at the network gateway, which provides useful information about packets and traffic to security professionals [4].…”

“…A popular system is the open-source Snort NIDPS. Our previous studies [4,5] have been carried out on the use of a Snort NIDPS in high speed networks. We found that in high speed and high volume environments, the Snort NIDPS drops packets.…”

Using Cisco Network Components to Improve NIDPS Performance

Network Packet Analysis in Real Time Traffic and Study of Snort IDS During the Variants of DoS Attacks

A Comparative Performance Analysis of the Intrusion Detection Systems