Current centralized network intrusion detection systems (NIDS) typically position their sensors at the network access aggregation points and have several limitations in performance and effectiveness. We propose deploying "distributed network security sensors (DNSS)" among the nodes of the internal network to monitor its traffic. We study the tradeoff between deployment cost and monitoring coverage to determine the locations and processing rates of the security sensors. Because flow rates are uncertain, we build a fuzzy optimization model and develop a hybrid intelligent algorithm to solve the problem. Using an actual network topology, we examine the relationships among deployment cost, sensor deployment, and monitoring coverage. The results demonstrate that a small number of low-speed sensors are sufficient to maintain high monitoring coverage in a high-speed network.