Embedded Markov process based model for performance analysis of Intrusion Detection and Prevention Systems

Embedded Markov process based model for performance analysis of Intrusion Detection and Prevention Systems

Intrusion Detection and/or Prevention Systems (IDPSs) are now a crucial defensive measure to defend against attacks intended to breach the security and operation of enterprise information systems. The IDPS configuration can, however, have a negative impact on network performance in terms of end-to-e...

Full description

Saved in:
Bibliographic Details
Published in:2012 IEEE Global Communications Conference (GLOBECOM) pp. 898 - 903
Main Authors: Alsubhi, K., Zhani, M. F., Boutaba, R.
Format: Conference Proceeding
Language:English
Published: IEEE 01-12-2012
Subjects:
Intrusion Detection and Prevention Systems
Markov Chain Modeling
Security Configuration Management
Security Performance Evaluation
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Intrusion Detection and/or Prevention Systems (IDPSs) are now a crucial defensive measure to defend against attacks intended to breach the security and operation of enterprise information systems. The IDPS configuration can, however, have a negative impact on network performance in terms of end-to-end delay and packet loss. This paper proposes an analytical queuing model based on the embedded Markov chain which analyzes the performance of the IDPS and evaluates its impact on performance. Through extensive simulations, we validate the proposed model and the numerical equations that estimate various performance metrics. Our results show that this model can be leveraged to assess and set up an effective configuration for the IDPS, achieving simultaneously the trade-off between security enforcement levels on one side and network Quality of Service (QoS) requirements on the other.
ISBN:1467309206
9781467309202
ISSN:1930-529X
2576-764X
DOI:10.1109/GLOCOM.2012.6503227