Cost Benefit Deployment of DNIPS

Effective deployment of Real Time Distributed Network Intrusion Detection Systems (DNIDS) on High- speed and large-scale networks within limited budget constraints is a challenging task. In this paper we investigate algorithms aiming at optimizing the deployment of DNIDS systems. We use Group Betweenness Centrality (GBC) as an approximation of the DNIDS deployment utility. In this work we use two cost models. The first cost model assumes that all network intrusion detection devices have the same cost. The second model assumes that the cost of the device is relative to the traffic load on the network node on which it is installed. We evaluate two algorithms for finding the most prominent group in these cost models. The first algorithm is based on greedy choice of vertices and the second is based on heuristic search and finds the optimal deployment locations. We investigate combinations of heuristic functions based on solution cost and on solution utility and different node ordering strategies. We show that intelligent choice of the heuristic functions and node ordering can speed up the search. Empirical evaluation shows that while in the first cost model the greedy algorithm produces results that are negligibly close to optimal in the second cost model the difference between optimal and suboptimal solutions can be significant.