Optimising IDS Sensor Placement

Abstract

In large network environments multiple intrusion detection sensors are needed to adequately monitor network traffic. However, deploying and managing additional sensors on a large network can be a demanding task, and organizations have to balance their desire for detecting intrusions throughout their network with financial and staffing limitations. This paper investigates how intrusion detection system (IDS) sensors should best be placed on a network when there are several competing evaluation criteria. This is a computationally difficult problem and we show how Multi-Objective Genetic Algorithms provide an excellent means of searching for optimal placements.