Conference Proceedings
Browsing Conference Proceedings by Author "Ahmed, Botan"
Performance Security Trade-off of Network Intrusion Detection and Prevention Systems
(UK Performance Engineering Workshop and Cyber Security Workshop, 2016)
Munir, Rashid; Ahmed, Botan; Al-Mohannadi, Hamad; Mufti, M. Rafiq; Namanya, Anitta Patience; Awan, Irfan
Security cyber threats are increasing, with most companies being overwhelmed by the complexity attached to prevention against attacks. Network intrusion detection and prevention systems (NIDPS) are now a staple in any enterprise network, with the purpose of filtering through the network traffic and sniffing for malicious traffic. Given the amount of traffic generated on enterprise networks nowadays, any NIDPS is sure to go through such a large number of packets that a need arises for a performance-security trade-off. On any given day, based on the rules used in the NIDPS, the number of alerts it generates is in the thousands. This can be quite overwhelming to security analysts who analyse them to understand the cyber threat landscape. Although it is true that the more alerts, the higher the probability of detecting malicious traffic, it is also true that alerts require the traffic to go through many rules, which can be quite a performance hindrance. This is the paradox that currently plagues the cyber security community. In this paper, we examine 2 scenarios to evaluate the performance-security trade-off for the purpose of proposing ways of improving the performance while minimising the impact on the security purpose of the NIDPS.