DocumentCode
1788663
Title
IDS performance enhancement technique based on dynamic traffic awareness histograms
Author
Trabelsi, Z. ; Zeidan, Safaa
Author_Institution
Coll. of Inf. Technol., UAE Univ., Al-Ain, United Arab Emirates
fYear
2014
fDate
10-14 June 2014
Firstpage
975
Lastpage
980
Abstract
This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) by optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packet patterns. The paper discusses the evaluation of the proposed approach against other conventional approaches, using the Snort tool as an example of an IDS. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.
Keywords
digital signatures; optimisation; packet switching; pattern matching; telecommunication traffic; IDS performance enhancement technique; attack packet pattern; attack signature rules; cumulative packet processing time; dynamic traffic awareness histogram; intrusion detection system; matching rule; optimal order prediction; order optimization; rule fields; Histograms; IP networks; Information systems; Inspection; Optimization; Security; Telecommunication traffic; Attack packet flow matching histogram; Attack signature rules; Intrusion detection systems; Packet early acceptance; Packet early rejection; Rule-fields ordering; Signature rule ordering;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications (ICC), 2014 IEEE International Conference on
Conference_Location
Sydney, NSW
Type
conf
DOI
10.1109/ICC.2014.6883446
Filename
6883446