Improving the Efficiency of Intrusion Detection Systems by Optimizing Rule Deployment Across Multiple IDSs

Arka Ghosh, Massimiliano Albanese, Preetam Mukherjee, Amir Alipour-Fanid

2024

Abstract

Intrusion Detection Systems (IDS) are strategically installed on specific nodes of an enterprise network to detect ongoing attempts to exploit vulnerable systems. However, deploying a large number of detection rules in each IDS may reduce their efficiency and effectiveness, especially when an IDS is monitoring high-speed data communication channels. Existing research on optimal IDS placement strategies does not address the problem at such a level of granularity. This paper proposes a novel approach for strategic rule deployment subject to various practical constraints. Attack graph-based modeling, along with knowledge of the network topology, is employed to identify the set of suitable rules for deployment on individual IDSs, and capacity constraints are considered to balance the load across IDSs. We provide a formal specification of the optimization problem and propose a practical heuristic solution based on a genetic algorithm.


Paper Citation


in Harvard Style

Ghosh A., Albanese M., Mukherjee P. and Alipour-Fanid A. (2024). Improving the Efficiency of Intrusion Detection Systems by Optimizing Rule Deployment Across Multiple IDSs. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 536-543. DOI: 10.5220/0012814500003767


in Bibtex Style

@conference{secrypt24,
author={Arka Ghosh and Massimiliano Albanese and Preetam Mukherjee and Amir Alipour-Fanid},
title={Improving the Efficiency of Intrusion Detection Systems by Optimizing Rule Deployment Across Multiple IDSs},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={536-543},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012814500003767},
isbn={978-989-758-709-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Improving the Efficiency of Intrusion Detection Systems by Optimizing Rule Deployment Across Multiple IDSs
SN - 978-989-758-709-2
AU - Ghosh A.
AU - Albanese M.
AU - Mukherjee P.
AU - Alipour-Fanid A.
PY - 2024
SP - 536
EP - 543
DO - 10.5220/0012814500003767
PB - SciTePress