Improved Performance High Speed Network Intrusion Detection Systems

This book has focussed on designing high performance Network Intrusion Detection Systems models, we have presented two designs to address limitations of Packet Loss and Low Detection Rate. The first high performance mechanism is based on Dynamic Cluster adoption using refined policy routing and Comparator Logic. The traffic load sharing mechanism reduces the packet drop by exchanging state information between load-balancer and cluster nodes and implementing switch overs between nodes in case the traffic exceeds pre-defined threshold. Comparator Logic enhances the overall efficiency by recovering lost data and analyzing it to identify threats. Intelligent Anomaly Detection Filtration (IADF) using cascaded architecture of anomaly-based filtration and signature-based detection process is the second high performance design. The IADF design is used to preserve resources of NIDS by eliminating large portion of the traffic on well defined logics. We have evaluated the mechanism to detect Denial of Service (DoS) and Probe attempts based by analyzing its performance on Defence Advanced Research Projects Agency (DARPA) dataset.