Improving the Efficiency of Intrusion Detection Systems by Optimizing Rule Deployment Across Multiple IDSs

Published: 01 Jan 2024, Last Modified: 08 Apr 2025. Venue: SECRYPT 2024. License: CC BY-SA 4.0
Abstract: Intrusion Detection Systems (IDS) are strategically installed on specific nodes of an enterprise network to detect ongoing attempts to exploit vulnerable systems. However, deploying a large number of detection rules in each IDS may reduce their efficiency and effectiveness, especially when an IDS is monitoring high-speed data communication channels. Existing research on optimal IDS placement strategies does not address the problem at such a level of granularity. This paper proposes a novel approach for strategic rule deployment subject to various practical constraints. Attack graph-based modeling, along with knowledge of the network topology, is employed to identify the set of suitable rules for deployment on individual IDSs, and capacity constraints are considered to balance the load across IDSs. We provide a formal specification of the optimization problem and propose a practical heuristic solution based on a genetic algorithm.
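The abstract names the ingredients of the optimization (attack-graph steps, topology-derived visibility of each step at each IDS, a per-rule load, a per-IDS capacity budget, and a genetic-algorithm heuristic) but, being an abstract, not the formulation itself. The block below is an added toy model written to make those ingredients concrete; it is not the paper's formal specification, its algorithm, or its data. Every sensor name, step weight, rule cost and capacity is a constructed assumption, and the coverage objective, the repair step, the greedy baseline and the GA operators are choices made here for illustration.

```python
import itertools
import random
from collections import namedtuple

# Constructed sample instance (hypothetical names and numbers, not the paper's data).
Step = namedtuple("Step", "name weight visible_at")  # weight: criticality; visible_at: IDSs seeing its traffic
Rule = namedtuple("Rule", "name detects cost")       # detects: attack-graph step; cost: load on the IDS
IDS = ["ids_dmz", "ids_core"]                        # chromosome genes are indexes into this list
CAPACITY = {"ids_dmz": 2, "ids_core": 2}             # rule-cost budget per IDS
STEPS = {s.name: s for s in [
    Step("web_exploit", 3, {"ids_dmz"}),
    Step("web_to_app", 4, {"ids_dmz", "ids_core"}),
    Step("app_sqli_db", 5, {"ids_core"}),
    Step("vpn_bruteforce", 2, {"ids_dmz"}),
    Step("app_to_dc", 4, {"ids_core"}),
]}
RULES = [
    Rule("r1", "web_exploit", 1), Rule("r2", "web_to_app", 2), Rule("r3", "app_sqli_db", 1),
    Rule("r4", "vpn_bruteforce", 1), Rule("r5", "app_to_dc", 2),
    Rule("r6", "web_to_app", 1),  # cheaper alternative signature for the same step as r2
]
UNPLACED = -1  # gene value for "rule not deployed anywhere"

def placement_allowed(rule, ids_name):
    """Topology constraint: an IDS may only run a rule for traffic it actually sees."""
    return ids_name in STEPS[rule.detects].visible_at

def benefit(i):
    """Weight-per-cost of rule i, used to rank rules in greedy() and repair()."""
    return STEPS[RULES[i].detects].weight / RULES[i].cost

def load(assign):
    """Per-IDS load of an assignment (list: rule index -> IDS index or UNPLACED)."""
    used = {name: 0 for name in IDS}
    for rule, slot in zip(RULES, assign):
        if slot != UNPLACED:
            used[IDS[slot]] += rule.cost
    return used

def feasible(assign):
    within_budget = all(used <= CAPACITY[n] for n, used in load(assign).items())
    well_placed = all(s == UNPLACED or placement_allowed(r, IDS[s]) for r, s in zip(RULES, assign))
    return within_budget and well_placed

def coverage(assign):
    """Objective: total weight of attack-graph steps detected by at least one deployed rule."""
    return sum(STEPS[s].weight for s in {r.detects for r, slot in zip(RULES, assign) if slot != UNPLACED})

def repair(assign):
    """Force feasibility: drop placements the IDS cannot see, then shed the
    lowest-benefit rule from any overloaded IDS until it is within budget."""
    assign = [s if s == UNPLACED or placement_allowed(r, IDS[s]) else UNPLACED for r, s in zip(RULES, assign)]
    for idx, name in enumerate(IDS):
        while load(assign)[name] > CAPACITY[name]:
            assign[min((i for i, s in enumerate(assign) if s == idx), key=benefit)] = UNPLACED
    return assign

def greedy():
    """Baseline: rules by descending benefit, each on the first eligible IDS with room."""
    assign, covered = [UNPLACED] * len(RULES), set()
    for i in sorted(range(len(RULES)), key=lambda i: -benefit(i)):
        if RULES[i].detects in covered:
            continue
        for idx, name in enumerate(IDS):
            if placement_allowed(RULES[i], name) and load(assign)[name] + RULES[i].cost <= CAPACITY[name]:
                assign[i] = idx
                covered.add(RULES[i].detects)
                break
    return assign

def brute_force():
    """Exact optimum by enumeration; only viable for toy instances like this one."""
    everything = (list(a) for a in itertools.product(range(-1, len(IDS)), repeat=len(RULES)))
    return max((a for a in everything if feasible(a)), key=coverage)

def genetic_algorithm(pop_size=40, generations=80, mutation_rate=0.15, seed=1):
    """Tournament selection, uniform crossover, per-gene mutation, repair, elitism.
    Seeding the population with greedy() guarantees the result is never worse than it."""
    rng, n, k = random.Random(seed), len(RULES), len(IDS)
    population = [greedy()] + [repair([rng.randrange(-1, k) for _ in range(n)]) for _ in range(pop_size - 1)]

    def tournament():
        a, b = rng.sample(population, 2)
        return a if coverage(a) >= coverage(b) else b

    for _ in range(generations):
        children = [max(population, key=coverage)]  # elitism keeps the best feasible assignment
        while len(children) < pop_size:
            p1, p2 = tournament(), tournament()
            child = [g1 if rng.random() < 0.5 else g2 for g1, g2 in zip(p1, p2)]
            child = [rng.randrange(-1, k) if rng.random() < mutation_rate else g for g in child]
            children.append(repair(child))
        population = children
    return max(population, key=coverage)

if __name__ == "__main__":
    for label, assign in [("greedy", greedy()), ("genetic", genetic_algorithm()), ("exact", brute_force())]:
        placed = {name: [r.name for r, s in zip(RULES, assign) if s == i] for i, name in enumerate(IDS)}
        print(f"{label:8s} coverage={coverage(assign):2d} feasible={feasible(assign)} {placed}")
```

Two points the toy makes that the abstract only states in words. First, topology knowledge enters as a hard constraint (`placement_allowed`): a rule for `app_sqli_db` is useless on the DMZ sensor because that link never carries the traffic. Second, capacity makes placements interact: in this instance the greedy baseline puts the cheap `web_to_app` signature on the DMZ sensor, which then has no room left for `vpn_bruteforce`, and ends at coverage 12, while the exact optimum (placing it on the core sensor instead) is 14. Any real deployment would add constraints this toy ignores, such as a rule that must run on several sensors or per-rule throughput costs that depend on link speed.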