Improving network intrusion detection system performance through quality of service configuration and parallel technology

Waleed Bulajoul, Anne James, M. Pannu

    Research output: Contribution to journalArticlepeer-review

    77 Citations (Scopus)
    751 Downloads (Pure)

    Abstract

    This paper outlines an innovative software development that utilises Quality of Service (QoS) and parallel technologies in Cisco Catalyst Switches to increase the analytical performance of a Network Intrusion Detection and Protection System (NIDPS) when deployed in high-speed networks. We have designed a real network to present experiments that use a Snort NIDPS. Our experiments demonstrate the weaknesses of NIDPSs, such as inability to process multiple packets and propensity to drop packets in heavy traffic and high-speed networks without analysing them. We tested Snort's analysis performance, gauging the number of packets sent, analysed, dropped, filtered, injected, and outstanding. We suggest using QoS configuration technologies in a Cisco Catalyst 3560 Series Switch and parallel Snorts to improve NIDPS performance and to reduce the number of dropped packets. Our results show that our novel configuration improves performance.
    Original languageEnglish
    Pages (from-to)981-999
    JournalJournal of Computer and System Sciences
    Volume81
    Issue number6
    Early online date18 Dec 2014
    DOIs
    Publication statusPublished - Sept 2015

    Bibliographical note

    “NOTICE: this is the author’s version of a work that was accepted for publication in Journal
    of Computer and System Sciences. Changes resulting from the publishing process, such as
    peer review, editing, corrections, structural formatting, and other quality control
    mechanisms may not be reflected in this document. Changes may have been made to this
    work since it was submitted for publication. A definitive version was subsequently published
    in in Journal of Computer and System Sciences, [in press] DOI 10.1016/j.jcss.2014.12.012 ¨

    Keywords

    • Network security
    • Intrusion detection system
    • Intrusion protection system
    • Parallel processing
    • Switch configuration
    • Quality of Service

    Fingerprint

    Dive into the research topics of 'Improving network intrusion detection system performance through quality of service configuration and parallel technology'. Together they form a unique fingerprint.

    Cite this