A New Architecture for Network Intrusion Detection and Prevention

Waleed Bul'ajoul, Anne James, Siraj Shaikh

Research output: Contribution to journal, Article

Abstract

This paper presents an investigation, involving experiments, which shows that current network intrusion detection and prevention systems (NIDPSs) have several shortcomings in detecting or preventing rising unwanted traffic and face several threats in high-speed environments. It shows that NIDPS performance can be weak in the face of high-speed and high-load malicious traffic in terms of packet drops, outstanding packets without analysis, and failing to detect/prevent unwanted traffic. A novel quality of service (QoS) architecture has been designed to increase the intrusion detection and prevention performance. Our research has proposed and evaluated a solution using a novel QoS configuration in a multi-layer switch to organize packets/traffic and parallel techniques to increase the packet processing speed. The new architecture was tested under different traffic speeds, types, and tasks. The experimental results show that the architecture improves the network and security performance and can cover up to 8 Gb/s with 0 packets dropped. This paper also shows that this number (8 Gb/s) can be improved, but it depends on the system capacity, which is always limited.

Original language: English
Article number: 8630944
Pages (from-to): 18558-18573
Number of pages: 16
Journal: IEEE Access
Volume: 7
DOI: 10.1109/ACCESS.2019.2895898
Publication status: Published - 31 Jan 2019

Fingerprint

Intrusion detection
Quality of service
Telecommunication traffic
Switches
Processing
Experiments

Bibliographical note

Open Access journal

Keywords

  • Computer security
  • computer networks
  • intrusion detection system
  • intrusion prevention system
  • network architecture
  • network security
  • open source
  • quality of service
  • security
  • switch configuration

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Cite this

A New Architecture for Network Intrusion Detection and Prevention. / Bul'ajoul, Waleed; James, Anne; Shaikh, Siraj.

In: IEEE Access, Vol. 7, 8630944, 31.01.2019, p. 18558-18573.

@article{46f4046b2db74e85b89d3b777c503196,
title = "A New Architecture for Network Intrusion Detection and Prevention",
keywords = "Computer security, computer networks, intrusion detection system, intrusion prevention system, network architecture, network security, open source, quality of service, security, switch configuration",
author = "Waleed Bul'ajoul and Anne James and Siraj Shaikh",
note = "Open Access journal",
year = "2019",
month = "1",
day = "31",
doi = "10.1109/ACCESS.2019.2895898",
language = "English",
volume = "7",
pages = "18558--18573",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "IEEE",

}
