Optimal Traffic Scheduling for Intrusion Prevention Systems

Jorge Crichigno, Mahsa Pourvali, Farooq Shaikh, Ammar Rayes, Elias Bou-Harb, Nasir Ghani

Abstract

A major challenge for intrusion prevention system (IPS) sensors in today’s Internet is the amount of traffic these devices have to inspect. Hence this paper presents a linear program (LP) for traffic scheduling in multi-sensor environments that alleviates inspection loads at IPS sensors. The model discriminates traffic flows so that the amount of inspected suspicious traffic is maximized. While the LP is not constrained to integral solutions, traffic belonging to a flow is mostly scheduled for inspection to a single sensor, which facilitates the collection of state information. An analysis of how the Simplex algorithm solves the model and numerical results demonstrate that state information can be preserved without imposing integral constraints. This benefit also prevents the LP from becoming an integer LP, and this is essential for efficiently implementing the proposed model. The paper also shows that the ratio of the total number of flows integrally inspected by a single sensor to the total number of flows inspected in a multi-sensor environment depends upon the ratio of IPS sensor capacity to flow traffic rate. Finally, some practical deployment observations are also presented.
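The abstract describes the scheduling model only at a high level. The following is an added example, not the authors' code or their exact formulation, that makes such an LP concrete under assumed constraints: a variable x[f][s] gives the fraction of flow f sent to sensor s, each flow is inspected at most once in total, each sensor has an inspection capacity, and the objective weights each flow's rate by a suspiciousness score so that inspected suspicious traffic is maximized. It is solved with a textbook tableau Simplex (Bland's rule), and the helper functions report how many flows end up split across sensors. The sample flows, weights and capacities are constructed for illustration. The example also shows why a Simplex (basic feasible) solution keeps most flows on one sensor: with F flows and S sensors the basis holds at most F + S nonzero variables, and since every flow that is not fully inspected already consumes a slack variable, at most S flows can be split.

```python
"""Traffic scheduling LP for a multi-sensor IPS, solved with a small tableau Simplex.

Assumed model (an illustration, not the paper's exact formulation):
  x[f][s] >= 0          fraction of flow f inspected by sensor s
  sum_s x[f][s] <= 1                for every flow f    (a flow is inspected at most once)
  sum_f rate_f * x[f][s] <= cap_s   for every sensor s  (sensor inspection capacity)
  maximise sum_f sum_s weight_f * rate_f * x[f][s]      (suspicious traffic inspected)
"""

EPS = 1e-9


def simplex_max(c, A, b):
    """Maximise c.x subject to A x <= b, x >= 0, with b >= 0.

    Because the origin is feasible no phase-1 is needed. Dense tableau with
    Bland's rule (smallest-index entering/leaving), which cannot cycle.
    Returns (x, objective); x is a basic feasible solution."""
    m, n = len(A), len(c)
    # Rows are [A | I_m | b]; slack variable n+i belongs to constraint i.
    T = [A[i][:] + [1.0 if j == i else 0.0 for j in range(m)] + [float(b[i])] for i in range(m)]
    z = [-ci for ci in c] + [0.0] * m + [0.0]   # reduced costs; z[-1] holds the objective value
    basis = list(range(n, n + m))
    while True:
        enter = next((j for j in range(n + m) if z[j] < -EPS), None)
        if enter is None:
            break                                # no improving column: optimal
        leave, best = None, None
        for i in range(m):                       # ratio test, ties broken by smallest basis index
            if T[i][enter] > EPS:
                ratio = T[i][-1] / T[i][enter]
                if best is None or ratio < best - EPS or (abs(ratio - best) <= EPS and basis[i] < basis[leave]):
                    leave, best = i, ratio
        if leave is None:
            raise ValueError("unbounded LP")      # impossible here: every column is capacity-bounded
        piv = T[leave][enter]
        T[leave] = [v / piv for v in T[leave]]
        for i in range(m):
            if i != leave and abs(T[i][enter]) > EPS:
                f = T[i][enter]
                T[i] = [a - f * p for a, p in zip(T[i], T[leave])]
        f = z[enter]
        z = [a - f * p for a, p in zip(z, T[leave])]
        basis[leave] = enter
    x = [0.0] * (n + m)
    for i, j in enumerate(basis):
        x[j] = T[i][-1]
    return x[:n], z[-1]


def schedule(flows, capacities):
    """flows: list of (rate, weight); capacities: per-sensor capacity in the same unit as rate.
    Returns (plan, objective) where plan[f][s] is the fraction of flow f sent to sensor s."""
    F, S = len(flows), len(capacities)
    col = lambda f, s: f * S + s                  # column index of x[f][s]
    c = [flows[f][1] * flows[f][0] for f in range(F) for _ in range(S)]
    A, b = [], []
    for f in range(F):                            # each flow inspected at most once in total
        row = [0.0] * (F * S)
        for s in range(S):
            row[col(f, s)] = 1.0
        A.append(row)
        b.append(1.0)
    for s, cap in enumerate(capacities):          # sensor capacity
        row = [0.0] * (F * S)
        for f, (rate, _) in enumerate(flows):
            row[col(f, s)] = float(rate)
        A.append(row)
        b.append(cap)
    x, obj = simplex_max(c, A, b)
    plan = [[x[col(f, s)] for s in range(S)] for f in range(F)]
    return plan, obj


def inspected_share(plan):
    """Total fraction of each flow that is inspected (over all sensors)."""
    return [sum(row) for row in plan]


def split_flows(plan):
    """Flows whose inspected traffic is spread over more than one sensor (state is split)."""
    return [f for f, row in enumerate(plan) if sum(1 for v in row if v > EPS) > 1]


def sensor_load(plan, flows):
    """Traffic rate each sensor actually inspects under the plan."""
    return [sum(flows[f][0] * plan[f][s] for f in range(len(flows))) for s in range(len(plan[0]))]


# Constructed sample: four flows (rate in Gb/s, suspiciousness weight) and two 10 Gb/s sensors.
FLOWS = [(8, 0.9), (6, 0.8), (7, 0.5), (5, 0.2)]
CAPACITIES = [10.0, 10.0]

if __name__ == "__main__":
    plan, obj = schedule(FLOWS, CAPACITIES)
    print("inspected suspicious traffic:", round(obj, 3))
    for f, row in enumerate(plan):
        print("flow", f, "->", [round(v, 3) for v in row])
    print("split flows:", split_flows(plan), "sensor load:", sensor_load(plan, FLOWS))
```

On the sample, total capacity (20 Gb/s) is short of the total offered load (26 Gb/s), so the LP fully inspects the two most suspicious flows, inspects 6/7 of the third and drops the least suspicious one; only one flow is split between the two sensors, and raising the sensor capacity relative to the flow rates makes such splits rarer, which is the capacity-to-rate dependence the abstract refers to.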


References


V. Sekar, R. Krishnaswamy, A. Gupta, M. Reiter, “Network-Wide Deployment of Intrusion Detection and Prevention Systems,” ACM International Conference on Emerging Networking Experiments and Technologies (CoNEXT), Philadelphia, PA, Nov. 2010.

A. Le, E. Al-Shaer, R. Boutaba, “On Optimizing Load Balancing of Intrusion Detection and Prevention Systems,” IEEE International Conference on Computer Communications (INFOCOM), Phoenix, AZ, Apr. 2008.

Cisco Systems, [Online]. Available: http://www.cisco.com

ESnet, [Online]. Available: http://fasterdata.es.net/science-dmz

J. Crichigno, N. Ghani, “A Linear Programming Scheme for IPS Traffic Scheduling,” IEEE International Conference on Telecommunications and Signal Processing (TSP), Prague, Czech Republic, July 2015.

W. Stallings, “Network Security Essentials,” 5th Edition, Prentice Hall, 2013.

H. Jiang, G. Zhang, G. Xie, K. Salamatian, L. Mathy, “Scalable High-Performance Parallel Design for Network Intrusion Detection Systems on Many-Core Processors,” ACM/IEEE Symposium on Architectures for Networking and Communications Systems, San Jose, CA, Oct. 2013.

L. Foschini, A. Thapliyal, L. Cavallaro, C. Kruegel, G. Vigna, “A Parallel Architecture for Stateful, High-Speed Intrusion Detection,” International Conference on Information Systems Security, Hyderabad, India, Dec. 2008.

A. Le, E. Al-Shaer, R. Boutaba, “Correlation-Based Load Balancing for Intrusion Detection and Prevention Systems,” International Conference on Security and Privacy in Communication Networks, Istanbul, Turkey, Sep. 2008.

L. Zhang, G. Shou, Y. Hu, Z. Guo, “Deployment of Intrusion Prevention System Based on Software Defined Networking,” IEEE International Conference on Communication Technology (ICCT), Guilin, China, Nov. 2013.

S. Laniepce, M. Lacoste, M. Kassi-Lahlou, F. Bignon, K. Lazri, A. Wailly, “Engineering Intrusion Prevention Services for IaaS Clouds: The Way of the Hypervisor,” IEEE International Symposium on Service Oriented System Engineering (SOSE), San Francisco, CA, Mar. 2013.

T. Xing, D. Huang, L. Xu, C. Chung, P. Khatkar, “SnortFlow: A OpenFlow-Based Intrusion Prevention System in Cloud Environment,” GENI Research and Educational Experiment Workshop (GREE2013), Salt Lake City, UT, Mar. 2013.

J. Crichigno, N. Ghani, J. Khoury, W. Shu, M. Wu, “Dynamic Routing Optimization in WDM Networks,” IEEE Global Communications Conference (GLOBECOM), Miami, FL, Dec. 2010.

S. Boyd, L. Vandenberghe, “Convex Optimization,” Cambridge University Press, 2004.

Netflow, [Online]. Available: http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow

C. Brase, C. Brase, “Understanding Basic Statistics,” 6th Edition, Cengage Learning, 2012.




DOI: http://dx.doi.org/10.11601/ijates.v6i2.201