Performance enhancement of signature -based network intrusion detection system

Abstract

Exponential increase in number of vulnerabilities, network traffic and bandwidth pose a serious threat to the performance aspects of Intrusion Detection Systems (IDS). Signature-Based IDS operates by comparing packet payloads against attack signatures. The process of signature matching takes up a lot of processing time and thus overwhelms the efficiency of a single Intrusion Detection System In this work; we propose a function-parallel architecture for enhancing the performance of IDS. The proposed architecture outperforms existing approaches of performance enhancement in terms of speed-up and cost. The parallel implementation has been done in java language on a cluster system comprising of 32 nodes. The cluster consists of dual 3.06 GHz, 1 GB RAM control node, 16 HP and 16 SUN 2.2 GHz compute nodes with 4 GB RAM on each node. Control node runs Red Hat Enterprise Linux AS Operating System whereas compute nodes run the WS version of the same OS. All nodes are interconnected using a Gigabit interconnect through HP ProCurve 2848 switch. The results obtained by parallel implementation of our proposed solution have shown 60 percent improvement in speed up on 32 Intrusion Detection Sensors. The approach has shown the potential to be extended and implemented on reconfigurable hardware for developing a cost-effective and scalable solution for future.