International Journal of Advances in Telecommunications, Electrotechnics, Signals and Systems (Jul 2017)

Optimal Traffic Scheduling for Intrusion Prevention Systems

  • Jorge Crichigno,
  • Mahsa Pourvali,
  • Farooq Shaikh,
  • Ammar Rayes,
  • Elias Bou-Harb,
  • Nasir Ghani

DOI
https://doi.org/10.11601/ijates.v6i2.201
Journal volume & issue
Vol. 6, no. 2
pp. 73 – 79

Abstract

A major challenge for intrusion prevention system (IPS) sensors in today’s Internet is the amount of traffic these devices have to inspect. Hence this paper presents a linear program (LP) for traffic scheduling in multi-sensor environments that alleviates inspection loads at IPS sensors. The model discriminates traffic flows so that the amount of inspected suspicious traffic is maximized. While the LP is not constrained to integral solutions, traffic belonging to a flow is mostly scheduled for inspection to a single sensor, which facilitates the collection of state information. An analysis of how the Simplex algorithm solves the model and numerical results demonstrate that state information can be preserved without imposing integral constraints. This benefit also prevents the LP from becoming an integer LP, and this is essential for efficiently implementing the proposed model. The paper also shows that the ratio of the total number of flows integrally inspected by a single sensor to the total number of flows inspected in a multi-sensor environment depends upon the ratio of IPS sensor capacity to flow traffic rate. Finally, some practical deployment observations are also presented.