High Performance Intrusion Detection and Prevention Systems: A Survey

Cited by: 0
Authors
Potluri, Sasanka [1, 2]
Diedrich, Christian [3]
Affiliations
[1] Otto von Guericke Univ, Fac Comp Sci, Magdeburg, Germany
[2] Otto von Guericke Univ, Elect Engn & Informat Technol, Magdeburg, Germany
[3] Otto von Guericke Univ, Magdeburg, Germany
Source
PROCEEDINGS OF THE 15TH EUROPEAN CONFERENCE ON CYBER WARFARE AND SECURITY (ECCWS 2016) | 2016
Keywords
intrusion detection system; intrusion prevention systems; high performance computing; network security; ARCHITECTURE;
DOI
Not available
Chinese Library Classification number
TP301 [Theory, methods];
Discipline classification code
081202;
Abstract
There is an enormous growth of industrial applications using internet communication. A secure network is a prime objective for the survival of any organization. Network monitoring and defence systems have become an integral part of network security for identifying and preventing potential attacks. Intrusion Detection and Prevention Systems (IDPS) are network-based defence systems that combine an Intrusion Detection System (IDS) and a firewall. In contrast to an IDS, an IDPS is a proactive technique that both reacts quickly to potential threats and attacks in a network and prevents the attacks from entering the network. Current-generation IDPS have limitations in their performance and effectiveness. Some studies have proven that modern IDPS have difficulties in dealing with high-speed network traffic. Several research approaches exist to find an efficient IDPS that meets current network requirements. Nevertheless, serious security and privacy breaches still occur every day, creating an absolute necessity to provide secure and safe information security systems. This survey provides an up-to-date, comprehensive review of the state of the art of IDPS based on different accelerating techniques, different detection algorithms, types of hardware and optimizing algorithms to match the demands of high-speed networks. A detailed overview of high-performance IDS and IDPS, along with the pros and cons of individual techniques, will be given. This paper also highlights and discusses the requirement for developing a new IDPS to detect known and unknown threats.
Pages: 260-268
Number of pages: 9