Abstract

High-speed networks require a high performance intrusion detection systems (IDS), able to process a large amount of data in real time. So, we have to evaluate IDS going to be deployed in such environnement. In this paper, we present an evaluation approach, based on a series of tests, aiming to measure the performance of the components of an IDS and their effects on the entire system. As well as to study the effect of the characteristics of the deployment environment on the efficiency of the IDS. So, we have implemented the IDS SNORT on machines with different technical characteristics and we have designed a network to generate a set of experiments to measure the performances obtained in the case of a deployment in high-speed networks. Our experiments have revealed the weaknesses of the IDS in a precise way. Mainly, the inability to process multiple packets and the propensity to deposit, without analysis, packets in high-speed networks with heavy traffic. Our work also determined the effect of a component on the entire system and the effect of hardware characteristics on the performance of an IDS.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.