Jong Woon Park, Kee Wan Hong and Ki Yoong Hong
Secuve Co.
emails: {hizcool, kwhong, ceo}@secuve.com
The globalization of IT infrastructure has greatly increased the volume of network users and data, and has also increased the possibility of internal and external intrusions into an organization's important assets. These changes have exposed the limitations of the NIDS, which detects abnormal activities by inspecting network packets. Increased network bandwidth raises the load of NIDS packet collection and analysis, which leads to packet loss. As a result, the NIDS cannot obtain the data it needs to detect abnormal activities. In addition, the growth of and changes in network services continuously reveal new vulnerabilities, through which unknown new attacks will multiply. A NIDS that detects abnormal activities by developing a detection pattern for each attack reaches its performance limit because the continuously increasing number of detection patterns increases its processing load. Therefore, this paper presents design principles to be considered in developing a NIDS so as to overcome these performance limitations, and proves the effectiveness of the suggested design principles through test models.