Abstract
As a complex security tool, the Network-based Intrusion Detection System (NIDS) goes beyond the role of a traditional firewall by detecting any network security threats through its advanced monitoring of network traffic and its intrusion- and anomaly-detecting sensors. However, the NIDS is prone to challenges and difficulties in an overloaded state, becoming a bottleneck in a network. Although many solutions have been suggested, they are not completely reliable, as each of them also comes with disadvantages. This paper not only investigated a design of an architecture which allows NIDS to run in parallel, but also managed to create two algorithms which dynamically adjust and divide the signature rules evenly across NIDS nodes, showing adaptive behavior, with the result of reducing the number of packets dropped. The paper also discusses adaptive behavior as a system which is able to react and change itself based on certain system load parameters, by monitoring the hardware specifications, computer system resources, or the application code itself, depending on how the model for adaptation is designed. The results of this study indicate that a reduction in dropped packets is achievable by running NIDS in parallel. Additionally, dynamic scaling of NIDS nodes is functional, while maintaining the NIDS's integrity in terms of computer system resource usage and packet drop rate. All in all, this paper managed to achieve its goals by contributing to the existing NIDS-related studies a new architecture design which offers an innovative solution to the challenges of an overloaded NIDS system. The parallel network intrusion detection system architecture explored in this study has been verified to reduce the processing time in pattern matching, thereby achieving the goal of enhancing the NIDS.