By Topic

On the deployment strategy of distributed network security sensors

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Chengchen Hu ; Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing, China ; Zhen Liu ; Chen, Zhen ; Bin Liu

Current centralized network intrusion detection systems (NIDS) typically position their sensors at the network access aggregation points and have several limitations on performance and effectiveness. We propose the deployment of "distributed network security sensors (DNSS)" distributed among the nodes of the internal network to monitor traffic of the internal network. We study the tradeoff between deployment cost and monitoring coverage to determine the locations and processing rates of security sensors. Because of the uncertain nature of flow rates, we build a fuzzy optimization model and develop a hybrid intelligent algorithm to solve the problem. Using an actual network topology, we check the relationships among the deployment cost, sensors deployment, and the monitoring coverage. The results demonstrate that a small number of low-speed sensors are sufficient to maintain high monitoring coverage in a high-speed network.

Published in:

Networks, 2005. Jointly held with the 2005 IEEE 7th Malaysia International Conference on Communication., 2005 13th IEEE International Conference on  (Volume:1 )

Date of Conference:

16-18 Nov. 2005