A New Architecture for Network Intrusion Detection and Prevention

This paper presents an investigation, involving experiments, which shows that current network intrusion detection and prevention systems (NIDPSs) have several shortcomings in detecting or preventing rising unwanted traffic and have several threats in high-speed environments. It shows that the NIDP...


Bibliographic Details
Main Authors: Waleed Bul'ajoul, Anne James, Siraj Shaikh
Format: Article
Language: English
Published: IEEE 2019-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/8630944/
doi 10.1109/ACCESS.2019.2895898
volume 7
pages 18558-18573
affiliations Waleed Bul'ajoul (https://orcid.org/0000-0003-4927-9500): Computing and Technology Department, New Hall, Nottingham Trent University, Clifton Campus, Nottingham, U.K.
Anne James: Computing and Technology Department, New Hall, Nottingham Trent University, Clifton Campus, Nottingham, U.K.
Siraj Shaikh: Systems Security Group, Institute for Future Transport and Cities, Coventry University, Coventry, U.K.
collection DOAJ
issn 2169-3536
description This paper presents an investigation, involving experiments, which shows that current network intrusion detection and prevention systems (NIDPSs) have several shortcomings in detecting or preventing rising unwanted traffic and have several threats in high-speed environments. It shows that the NIDPS performance can be weak in the face of high-speed and high-load malicious traffic in terms of packet drops, outstanding packets without analysis, and failing to detect/prevent unwanted traffic. A novel quality of service (QoS) architecture has been designed to increase the intrusion detection and prevention performance. Our research has proposed and evaluated a solution using a novel QoS configuration in a multi-layer switch to organize packets/traffic and parallel techniques to increase the packet processing speed. The new architecture was tested under different traffic speeds, types, and tasks. The experimental results show that the architecture improves the network and security performance, which can cover up to 8 Gb/s with 0 packets dropped. This paper also shows that this number (8 Gb/s) can be improved, but it depends on the system capacity, which is always limited.
topic Computer security
computer networks
intrusion detection system
intrusion prevention system
network architecture
network security