A comparative experimental evaluation study of intrusion detection system performance in a gigabit environment

Authors:
Charles Iheagwara;Andrew Blyth;Mukesh Singhal
Affiliations:
EDGAR ONLINE, INC. 8715 First Avenue, #1413D, Silver Spring, MD;School of Computing, University of Glamorgan, Pontypridd, Wales CF37 1DL, UK;Gartener Group, Department of Computer Science, University of Kentucky, 301 Rose Street, Lexington, KY
Venue:
Journal of Computer Security
Year:
2003

Citing 9
Cited 3

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Gigabit ethernet: migrating to high-bandwidth LANs

Gigabit ethernet: migrating to high-bandwidth LANs
Decentralizing control and intelligence in network management

Proceedings of the fourth international symposium on Integrated network management IV
A coding approach to event correlation

Proceedings of the fourth international symposium on Integrated network management IV
Ethernet: the definitive guide

Ethernet: the definitive guide
Evaluation of the performance of ID systems in a switched and distributed environment: the RealSecure case study

Computer Networks: The International Journal of Computer and Telecommunications Networking
Distributed audit trail analysis

SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
Holding intruders accountable on the Internet

SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Network security via reverse engineering of TCP code: vulnerability analysis and proposed solutions

INFOCOM'96 Proceedings of the Fifteenth annual joint conference of the IEEE computer and communications societies conference on The conference on computer communications - Volume 2

Cost effective management frameworks for intrusion detection systems

Journal of Computer Security
An Intelligent Intrusion Detection and Response System Using Network Quarantine Channels: Adaptive Policies and Alert Filters

WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
An adaptive expert system approach for intrusion detection

International Journal of Security and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion detection systems' (IDS) effectiveness requires balancing characteristics and elements so they fit together in appropriate compromises to create good network security systems. One major gauge for IDS effectiveness is the ability to detect attacks within operational specifications. Gigabit IDS sensors as opposed to Megabit IDS sensors promise dramatic increase in component performance and functional opportunities, possibly leading to dramatically changed system balance and overall performance. The research described here examines the system benefits of using a single Gigabit IDS sensor instead of multiple Megabit sensors for a wide range of defined system attacks, network traffic characteristics, and for their contexts of operational concepts and deployment techniques. The experimental results are analyzed in the context of practical experiences in the operation of these IDS systems. The difference in architectural designs, deployment strategies and operational concepts that characterized their performance in exploiting the strengths of attack systems are discussed.