• DocumentCode
    1972861
  • Title
    Embedded Markov process based model for performance analysis of Intrusion Detection and Prevention Systems
  • Author
    Alsubhi, K. ; Zhani, Mohamed Faten ; Boutaba, R.
  • Author_Institution
    David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
  • fYear
    2012
  • fDate
    3-7 Dec. 2012
  • Firstpage
    898
  • Lastpage
    903
  • Abstract
    Intrusion Detection and/or Prevention Systems (IDPSs) are now a crucial defensive measure to defend against attacks intended to breach the security and operation of enterprise information systems. The IDPS configuration can, however, have a negative impact on network performance in terms of end-to-end delay and packet loss. This paper proposes an analytical queuing model based on the embedded Markov chain which analyzes the performance of the IDPS and evaluates its impact on performance. Through extensive simulations, we validate the proposed model and the numerical equations that estimate various performance metrics. Our results show that this model can be leveraged to assess and set up an effective configuration for the IDPS, achieving simultaneously the trade-off between security enforcement levels on one side and network Quality of Service (QoS) requirements on the other.
  • Keywords
    Markov processes; computer network performance evaluation; computer network security; quality of service; queueing theory; security of data; IDPS configuration; Markov chain modeling; QoS; embedded Markov process based model; enterprise information system; intrusion detection and prevention system; network performance; network quality of service; numerical equation; performance metrics; queuing model; security breach; security enforcement level; Intrusion Detection and Prevention Systems; Markov Chain Modeling; Security Configuration Management; Security Performance Evaluation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Global Communications Conference (GLOBECOM), 2012 IEEE
  • Conference_Location
    Anaheim, CA
  • ISSN
    1930-529X
  • Print_ISBN
    978-1-4673-0920-2
  • Electronic_ISBN
    1930-529X
  • Type
    conf
  • DOI
    10.1109/GLOCOM.2012.6503227
  • Filename
    6503227