Title :
IDS performance enhancement technique based on dynamic traffic awareness histograms
Author :
Trabelsi, Z. ; Zeidan, Safaa
Author_Institution :
Coll. of Inf. Technol., UAE Univ., Al-Ain, United Arab Emirates
Abstract :
This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) through optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real-time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packets patterns. The paper discusses the evaluation of the proposed approach with other conventional approaches using Snort tool as an example of IDS system. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.
Keywords :
digital signatures; optimisation; packet switching; pattern matching; telecommunication traffic; IDS performance enhancement technique; attack packet pattern; attack signature rules; cumulative packet processing time; dynamic traffic awareness histogram; intrusion detection system; matching rule; optimal order prediction; order optimization; rule fields; Histograms; IP networks; Information systems; Inspection; Optimization; Security; Telecommunication traffic; Attack packet flow matching histogram; Attack signature rules; Intrusion detection systems; Packet early acceptance; Packet early rejection; Rule-fields ordering; Signature rule ordering;
Conference_Titel :
Communications (ICC), 2014 IEEE International Conference on
Conference_Location :
Sydney, NSW
DOI :
10.1109/ICC.2014.6883446
