Abstract
The importance of network security has grown tremendously and intrusion prevention/detection systems (IPS/IDS) have been widely developed to insure the security of network against suspicious threat. Computer network intrusion detection and prevention system consist of collecting traffic data, analyzing them based on detection rules and generate alerts or dropping them if necessary. However IPS has problems such as accuracy signature, the traffic volume, topology design, monitoring sensors. In this paper, we practically examine the traffic effect on performance of IPS. We first examine the detection of DOS attack on a web server by IPS and then we generate network traffic to see how the behavior of IPS has influenced on detection of DOS attack.
Highlights
Over the past few years, computer security has become a great concern in computer science
If intrusion prevention system cannot analyze the packets, the probability of happening attack, without IPS/IDS knowledge, increase and this is a great risk to our network security
Our network environment contains five elements consist of a web server, the victim of flooding DOS attack, an attacker, performs flooding DOS attack, an intrusion prevention server, a D-ITS Send, which is the sender of generated traffics, a D-ITS Recv, which is the receiver of generated traffics
Summary
Over the past few years, computer security has become a great concern in computer science. Third module is responsible to look for abnormality in packet header or host information and organizes data and information to be further analyzed by detection engine. In the previous works which has been done on IPS, metrics such as TP, TN, FP and FN has been introduced for measuring the performance of IPS [3,4] These metrics evaluate the accuracy of detection engine module in IPS, for example TP (True Positive) points to the number of attacks which IPS correctly identified related to the number of packets that IPS analyzed. If intrusion prevention system cannot analyze the packets, the probability of happening attack, without IPS/IDS knowledge, increase and this is a great risk to our network security.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.