Rule Mode Selection in Intrusion Detection and Prevention Systems
Protection and performance are the major requirements for any Intrusion Detection and/or Prevention System (IDPS). Existing IDPSs do not seem to provide a satisfactory method of achieving these two conflicting goals. Intrusion Detection Systems (IDSs) fulfill the network performance requirement but exhibit poor protection under successive attacks. Intrusion Prevention Systems (IPSs), on the other hand, can protect the network by dropping malicious packets that match any attack pattern; however, this can degrade network performance, in terms of delay, as the number of attack patterns increases.