An overview to Software Architecture in Intrusion Detection System

TL;DR

This paper reviews various software architectures for intrusion detection systems and proposes a high-performance model combining hardware and software components to handle high-speed network traffic efficiently.

Contribution

It introduces a novel hybrid architecture that integrates hardware-based network processors with software sensors for improved high-speed intrusion detection.

Findings

Enhanced processing speed for high traffic volumes

Effective load balancing with network processor

Improved detection performance in high-speed networks

Abstract

Today by growing network systems, security is a key feature of each network infrastructure. Network Intrusion Detection Systems (IDS) provide defense model for all security threats which are harmful to any network. The IDS could detect and block attack-related network traffic. The network control is a complex model. Implementation of an IDS could make delay in the network. Several software-based network intrusion detection systems are developed. However, the model has a problem with high speed traffic. This paper reviews of many type of software architecture in intrusion detection systems and describes the design and implementation of a high-performance network intrusion detection system that combines the use of software-based network intrusion detection sensors and a network processor board. The network processor which is a hardware-based model could acts as a customized load balancing splitter. This model cooperates with a set of modified content-based network intrusion detection sensors rather than IDS in processing network traffic and controls the high-speed.