A New Architecture for Network Intrusion Detection and Prevention

Waleed Bul'ajoul, Anne James, Siraj Shaikh

    Research output: Contribution to journalArticlepeer-review

    17 Citations (Scopus)
    400 Downloads (Pure)


    This paper presents an investigation, involving experiments, which shows that current network intrusion, detection, and prevention systems (NIDPSs) have several shortcomings in detecting or preventing rising unwanted traffic and have several threats in high-speed environments. It shows that the NIDPS performance can be weak in the face of high-speed and high-load malicious traffic in terms of packet drops, outstanding packets without analysis, and failing to detect/prevent unwanted traffic. A novel quality of service (QoS) architecture has been designed to increase the intrusion detection and prevention performance. Our research has proposed and evaluated a solution using a novel QoS configuration in a multi-layer switch to organize packets/traffic and parallel techniques to increase the packet processing speed. The new architecture was tested under different traffic speeds, types, and tasks. The experimental results show that the architecture improves the network and security performance which is can cover up to 8 Gb/s with 0 packets dropped. This paper also shows that this number (8Gb/s) can be improved, but it depends on the system capacity which is always limited.

    Original languageEnglish
    Article number8630944
    Pages (from-to)18558-18573
    Number of pages16
    JournalIEEE Access
    Publication statusPublished - 31 Jan 2019

    Bibliographical note

    Open Access journal


    • Computer security
    • computer networks
    • intrusion detection system
    • intrusion prevention system
    • network architecture
    • network security
    • open source
    • quality of service
    • security
    • switch configuration

    ASJC Scopus subject areas

    • Computer Science(all)
    • Materials Science(all)
    • Engineering(all)


    Dive into the research topics of 'A New Architecture for Network Intrusion Detection and Prevention'. Together they form a unique fingerprint.

    Cite this