Improving network intrusion detection system performance through quality of service configuration and parallel technology

Waleed Bulajoul, Anne James, M. Pannu

Research output: Contribution to journalArticle

39 Citations (Scopus)
404 Downloads (Pure)

Abstract

This paper outlines an innovative software development that utilises Quality of Service (QoS) and parallel technologies in Cisco Catalyst Switches to increase the analytical performance of a Network Intrusion Detection and Protection System (NIDPS) when deployed in high-speed networks. We have designed a real network to present experiments that use a Snort NIDPS. Our experiments demonstrate the weaknesses of NIDPSs, such as inability to process multiple packets and propensity to drop packets in heavy traffic and high-speed networks without analysing them. We tested Snort's analysis performance, gauging the number of packets sent, analysed, dropped, filtered, injected, and outstanding. We suggest using QoS configuration technologies in a Cisco Catalyst 3560 Series Switch and parallel Snorts to improve NIDPS performance and to reduce the number of dropped packets. Our results show that our novel configuration improves performance.
Original languageEnglish
Pages (from-to)981-999
JournalJournal of Computer and System Sciences
Volume81
Issue number6
Early online date18 Dec 2014
DOIs
Publication statusPublished - Sep 2015

Bibliographical note

“NOTICE: this is the author’s version of a work that was accepted for publication in Journal
of Computer and System Sciences. Changes resulting from the publishing process, such as
peer review, editing, corrections, structural formatting, and other quality control
mechanisms may not be reflected in this document. Changes may have been made to this
work since it was submitted for publication. A definitive version was subsequently published
in in Journal of Computer and System Sciences, [in press] DOI 10.1016/j.jcss.2014.12.012 ¨

Keywords

  • Network security
  • Intrusion detection system
  • Intrusion protection system
  • Parallel processing
  • Switch configuration
  • Quality of Service

Fingerprint Dive into the research topics of 'Improving network intrusion detection system performance through quality of service configuration and parallel technology'. Together they form a unique fingerprint.

  • Cite this