Title: Security configuration management in intrusion detection and prevention systems

Authors: K. Alsubhi; Y. Alhazmi; N. Bouabdallah; R. Boutaba

Addresses:
David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada, N2L 3G1
Electrical and Computer Engineering, University of Waterloo, Ontario, Canada
INRIA, Campus Universitaire de Beaulieu, Rennes Cedex 35042, France
David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada, N2L 3G1; Division of IT Convergence Engineering, POSTECH, Pohang, KB 790-784, Korea

Abstract: This paper studies the impact of security enforcement levels on the performance and usability of an enterprise information system. We develop a new analytical model to investigate the relationship between Intrusion Detection and Prevention System (IDPS) performance and the selection of rule modes. In particular, we analyse the IDPS rule-checking process together with its consequent action, in terms of both the resulting security of the network and the average service time per event. Simulations were conducted to validate our performance analysis. The results demonstrate that it is desirable to strike a balance between system security and network performance.

Keywords: security performance evaluation; security configuration management; IDPS; intrusion detection; intrusion prevention; security enforcement levels; enterprise information systems; modelling; network security; rule checking; simulation.

DOI: 10.1504/IJSN.2012.048493

International Journal of Security and Networks, 2012, Vol. 7, No. 1, pp. 30-39

Published online: 11 Aug 2012
