A parallel technique for improving the performance of signature-based network intrusion detection system

Nowadays, organizations discover that it is essential to protect their valuable information and internal resources from unauthorized access like deploying firewall. Firewall could prevent unauthorized access, but it cannot monitor network attacks. Another network security tool such as intrusion detection system is necessary to perform network activities monitoring. With the recent trend of high-speed networks, a large volume of data should be analyzed and processed with high-speed infrastructure. To promote the performance of network intrusion detection system and reduce the processing time of the traffic, present studies on network intrusion detection system for high-speed network focus on parallel techniques as an alternative. In this paper, a kind of parallelism is proposed to improve the performance of signature based intrusion detection system. The experimental results show that by the use of two signature based network intrusion detection systems running Snort in parallel with a portion of packets and a subset of rules, and distributing the traffic between them, the processing time of the traffic will be reduced. Consequently, the performance of the system will be improved.