Abstract—To avoid increasing threats of intrusion or vulnerabilities, networks require flexible and efficient security systems. Intrusion detection system (IDS) is the basic component of any network defense scheme. Different IDS use several techniques for Intrusion detection. Signature base detection techniques are widely used in networks for fast response to detect threats. Regarding the intrusion detection technique, one of the main challenges is to control the huge traffic volume where each packet needs to be compared with the known signature database and reduce the comparison time of signatures in it. In this paper we analyze different techniques and proposed a new architecture that can handle the attacks by using multiple agents with small databases at high success rate by dynamically updating the signature database. Proposed method reduces the IDS processing time and improves its efficiency.
Index Terms—IDS, signature base, agent.
Hafiz Gulfam Ahmad Umar is with the College of Computer Science, Chongqing University, Chongqing, 400044, China (e-mail: gulfamahmad@uaf.edu.pk).
Chuandong Li is with the College of Computer and Information Science, Southwest University, Chongqing, 400044, China (e-mail: cdli@swu.edu.cn).
Zeeshan Ahmad is with the School of Communication Engineering, Chongqing University, Chongqing, 400044, China (e-mail: engr.zeeshan@hotmail.com).
[PDF]
Cite:Hafiz Gulfam Ahmad Umar, Chuandong Li, and Zeeshan Ahmad, "Parallel Component Agent Architecture to Improve the Efficiency of Signature Based NIDS," Journal of Advances in Computer Networks vol. 2, no. 4, pp. 269-273, 2014.