Abstract
Modern intrusion detection systems (IDS) are deployed in high-speed networks. Thus, they must be able to process a large amount of data in real time. This raises the issue of performance and required an evaluation of these IDS.
We present in this paper an evaluation approach, based on a series of tests. The aim is to measure the performance of the components of an IDS and their effects on the entire system, as well as to study the effect of the characteristics of the deployment environment on the operation of the IDS. So, we have implemented the IDS SNORT on machines with different technical characteristics and we have designed a network to generate a set of experiments to measure the performances obtained in the case of a deployment in high-speed networks. These experiments consist in injecting various traffic loads, characterized by different transmission times, packet numbers, packet sizes and bandwidths, and then analyzing, for each situation, the processing performed on the packets.
Our experiments have revealed the weaknesses of the IDS in a precise way. Mainly, the inability to process multiple packets and the propensity to deposit, without analysis, packets in high-speed networks with heavy traffic. Our work also determined the effect of a component on the entire system and the effect of hardware characteristics on the performance of an IDS.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Khorkov, D.A.: Methods for testing network-intrusion detection systems. Sci. Tech. Inf. Process. 39(2), 120–126 (2012). https://doi.org/10.3103/S0147688212020128
Berthier, R., Sanders, W.H., Khurana, H.: Intrusion detection for advanced metering infrastructures: requirements and architectural directions. In: 2010 First IEEE International Conference on Smart Grid Communications, Gaithersburg, MD, 2010, pp. 350–355. https://doi.org/10.1109/SMARTGRID.2010.5622068
Akhlaq, M., Alserhani, F., Awan, I., Mellor, J., Cullen, A.J., Al-Dhelaan, A.: Implementation and evaluation of network intrusion detection systems. In: Kouvatsos, D.D. (ed.) Network Performance Engineering. LNCS, vol. 5233, pp. 988–1016. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-02742-0_42
Saber, M., Chadli, S., Emharraf, M., El Farissi, I.: Modeling and implementation approach to evaluate the intrusion detection system. In: Bouajjani, A., Fauconnier, H. (eds.) NETYS 2015. LNCS, vol. 9466, pp. 513–517. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26850-7_41
Shiri, F.I., Shanmugam, B., Idris, N.B.: A parallel technique for improving the performance of signature-based network intrusion detection system. In: 2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN), pp. 692–696, 27–29 May 2011. https://doi.org/10.1109/ICCSN.2011.6014986
Jamshed, M.A., Lee, J., Moon, S., Yun, I., Kim, D., Lee, S., Yi, Y., Park, K.: Kargus: a highly-scalable software-based intrusion detection system. In: Proceedings of the 2012 ACM conference on Computer and communications security (CCS 2012), NY, USA, pp. 317–328 (2012). https://doi.org/10.1145/2382196.2382232
Saber, M., Chadli, S., Emharraf, M., El Farissi, I.: Performance evaluation of an intrusion detection system. In: El Oualkadi, A., Choubani, F., El Moussati, A. (eds.) Proceedings of the Mediterranean Conference on Information and Communication Technologies. LNEE, vol. 381, pp. 509–517. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30298-0_52
Albin, E., Rowe, N.C.: A realistic experimental comparison of the Suricata and SNORT intrusion-detection systems. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 122–127, 26–29 March 2012. https://doi.org/10.1109/WAINA.2012.29
Wang, X., Kordas, A., Hu, L., Gaedke, M., Smith, D.: Administrative evaluation of intrusion detection system. In: Proceedings of the 2nd Annual Conference on Research in Information Technology (RIIT 2013). ACM, New York, NY, USA, pp. 47–52 (2013). https://doi.org/10.1145/2512209.2512216
Mudzingwa, D., Agrawal, R.: A study of methodologies used in intrusion detection and prevention systems (IDPS). In: 2012 Proceedings of IEEE Southeastcon, Orlando, FL, pp. 1–6 (2012). https://doi.org/10.1109/SECon.2012.6197080
Chi, R.: Intrusion detection system based on SNORT. Proceedings of the 9th International Symposium on Linear Drives for Industry Applications, vol. 3, pp. 657–664. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-40633-182
Roesch, M.: SNORT - lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX conference on System administration (LISA 1999). USENIX Association, Berkeley, CA, USA, pp. 229–238 (1999)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Saber, M., Belkasmi, M.G., Chadli, S., Emharraf, M. (2017). Implementation and Performance Evaluation of Network Intrusion Detection Systems. In: Sabir, E., GarcÃa Armada, A., Ghogho, M., Debbah, M. (eds) Ubiquitous Networking. UNet 2017. Lecture Notes in Computer Science(), vol 10542. Springer, Cham. https://doi.org/10.1007/978-3-319-68179-5_42
Download citation
DOI: https://doi.org/10.1007/978-3-319-68179-5_42
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68178-8
Online ISBN: 978-3-319-68179-5
eBook Packages: Computer ScienceComputer Science (R0)