Attacks on software systems are becoming more and more frequent, aggressive, and sophisticated. In 2018, with the changing threat landscape, organizations are looking at 'when' they will be attacked, not 'if'. An Intrusion Detection System (IDS) can help in defending against these attacks. The systems that host IDS require extensive computing resources as IDS tend to detect attacks under overloaded conditions wrongfully. With the end of Moore's law and the growing adoption of the Internet of Things, designers of security systems can no longer expect processing power to keep up the pace. This limitation requires ways to increase the performance of these systems without additional computation power. In this work, we present two dynamic and a static approach to bypass IDS for traffic deemed benign. We provide a prototype implementation and evaluate our solution. Our evaluation shows promising results. Performance is increased up to the level of a system without an IDS. Attack detection is within the margin of error from the 100% rate. However, our findings show that dynamic approaches perform best when using software switches. The use of a hardware switch reduces the detection rate and performance significantly.
CITATION STYLE
Iffländer, L., Lesch, V., Stoll, J., Lange, K. D., Rawtani, N., & Kounev, S. (2019). Performance oriented dynamic bypassing for intrusion detection systems. In ICPE 2019 - Proceedings of the 2019 ACM/SPEC International Conference on Performance Engineering (pp. 159–166). Association for Computing Machinery, Inc. https://doi.org/10.1145/3297663.3310313