Title
Characterizing the Performance of Network Intrusion Detection Sensors
Abstract
Network intrusion detection systems (NIDS) are becoming an important tool for protecting critical information and infrastructure. The quality of a NIDS is described by the percentage of true attacks detected combined with the number of false alerts. However, even a high-quality NIDS algorithm is not effective if its processing cost is too high, since the resulting loss of packets increases the probability that an attack is not detected. This study measures and compares two major components of the NIDS processing cost on a number of diverse systems to pinpoint performance bottlenecks and to determine the impact of operating system and architecture differences. Results show that even on moderate-speed networks, many systems are inadequate as NIDS platforms. Performance depends not only on the processor performance, but to a large extent also on the memory system. Recent trends in processor microarchitecture towards deep pipelines have a negative impact on the system's NIDS capabilities, and multiprocessor architectures usually do not lead to significant performance improvements. Overall, these results provide valuable guidelines for NIDS developers and adopters for choosing a suitable platform, and highlight the need to consider processing cost when developing and evaluating NIDS techniques.
Year: 2003
DOI: 10.1007/978-3-540-45248-5_9
Venue: Lecture Notes in Computer Science
Keywords: operating system
Field: Bottleneck, Computer science, Computer security, Network packet, Real-time computing, Multiprocessing, Header, Systems architecture, Intrusion detection system, Information infrastructure, Embedded system, Microarchitecture
DocType: Conference
Volume: 2820
ISSN: 0302-9743
Citations: 45
PageRank: 3.20
References: 11
Authors: 4
Name | Order | Citations | PageRank
Lambert Schaelicke | 1 | 279 | 20.23
Thomas Slabach | 2 | 69 | 5.31
Branden J. Moore | 3 | 45 | 3.20
Curt Freeland | 4 | 67 | 4.95