Taking advantage of parallel technology and quality of service configuration to improve the performance of your intrusion detection systems
Lay summary by Rachid Cherkaoui
Intrusion detection systems (IDSs) are devices or software that can inspect abnormal activity and identify suspicious events that may indicate an attack by someone attempting to hack a system or network. In computer network environments, IDSs are widely used to reduce the risk of attacks. Quality of Service (QoS) refers to a technique that controls traffic over a network using several technologies. This study shows how to improve the performance of IDSs using parallel and QoS technologies.
Research over the last decade has demonstrated that IDSs can deal with advanced attacks. However, with the growth of microprocessor technology, hackers or intruders can bypass IDS control and monitoring. New IDSs, or new techniques using parallel processing and QoS configurations, should therefore be used in order to detect attacks and analyse all traffic in the network.
For this reason, the aim of this study was to show that configuring QoS and using parallel computing on Cisco Catalyst switches (networking devices that connect different devices together on a computer network) can achieve a high level of attack detection and a high percentage of packets analysed with an IDS called Snort.
Bul’ajoul et al.’s study shows how QoS and parallel technology enhanced performance. As an example from the study, for high-speed traffic, Snort IDS configured without QoS dropped 46% of packets during processing (which means the loss of network traffic control). Snort configured with QoS dropped 0% of packets, but the speed of the traffic entering the network was much slower: 6 times slower than without QoS. Using queues and Parallel Snort (multiple instances of Snort running at the same time) with QoS also dropped 0% of packets and, with three parallel queues, the speed was only around 2 times slower than without QoS.
These results help us understand the importance of parallel computing and QoS configuration for intrusion detection enhancement. More specifically, these technologies could help administrators of computer networks to reduce intrusions like viruses and different attacks and to minimise the risks of compromising systems.
For further information
Read the Journal of Computer and System Sciences original research article on which this summary is based: "Improving network intrusion detection system performance through quality of service configuration and parallel technology" (September 2015).
Visit the profile of the research ambassador, Rachid Cherkaoui, who wrote this summary.
STM Digest is a collection of lay summaries published next to original research articles on ScienceDirect, provided free of charge, and accessible to everyone.