Evaluation of the performance of ID systems in a switched and distributed environment: the real secure case study

  • Authors:
  • Charles Iheagwara;Andrew Blyth

  • Affiliations:
  • Edger Online Inc., Rockville, MD and 8715, First Avenue, # 1413D, Silver Spring, MD;School of Computing, University of Glamorgan, Glamorgan, UK

  • Venue:
  • Computer Networks: The International Journal of Computer and Telecommunications Networking
  • Year:
  • 2002

Abstract

With the phenomenal increase of unwarranted Internet traffic into corporate networks, the need for the development and effective use of currently available intrusion detection (ID) systems has acquired great importance. Compounding this are the constantly evolving techniques used by professional hackers to defeat any and every countermeasure designed to stem or at least contain their acts.

In this paper, we present the results of tests conducted to assess the effectiveness of an intrusion detection system in a switched and distributed network environment. The results reveal that the performance of ID systems is a function of various factors, including network topology, deployment techniques, network throughput, bandwidth and network traffic conditions.

Within the limits of our studies, the findings can be summarized as:

  1. The detection capability of the ID system diminishes as bandwidth utilization increases, with the obvious implication that better performance could be achieved with the use of multiple sensors.
  2. Deployment at network or domain entry points, i.e. outside decoy, provides better performance results by up to 11%.
  3. Deployment with packet loss limiting devices produces a better result than deployment with the port mirroring technique by up to 27%.