MicroSec Traffic: Using Traffic Engineering Strategies to Improve Efficiency of Intrusion Detection Systems
Abstract
This work proposes MicroSec Traffic, an approach to improve the efficiency of traditional IDS solutions based on rule-defined signatures and anomalies by reducing the data load of network traffic without compromising threat detection. The technique requires no modifications to IDS tools such as Snort or Suricata; only adjustments to the rules in use. Evaluated in a controlled scenario with Snort, the approach proved effective in maintaining alert generation while reducing both processing time and data volume.
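The core trade-off the abstract describes, fewer bytes reaching the IDS while the rules still fire, can be made concrete with a small simulation. The following is an added illustration, not MicroSec Traffic's mechanism, not Snort's matching engine, and not code from the paper: it models a traffic-engineering stage that forwards only a payload prefix, a minimal stand-in for Snort-style `content`/`depth` rules, and a check that flags rules whose match window exceeds what the stage forwards (the rules an operator would have to adjust). The packets, rule sids and the `keep` policy are constructed assumptions.

```python
"""Simulation of the efficiency/detection trade-off when a traffic-engineering
stage reduces the bytes delivered to a signature-based IDS.

Added illustration only: packets, rules and the truncation policy are
constructed for this example; they are not MicroSec Traffic's mechanism
or Snort's matching engine.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


@dataclass(frozen=True)
class Rule:
    """Minimal stand-in for a Snort 'content' rule. depth=None means the
    pattern may occur anywhere in the payload (unbounded search)."""
    sid: int
    content: bytes
    depth: Optional[int] = None

    def matches(self, payload: bytes) -> bool:
        window = payload if self.depth is None else payload[: self.depth]
        return self.content in window


def run_ids(packets, rules):
    """Return (sid, src, dst) for every rule that fires on every packet."""
    return [(r.sid, p.src, p.dst) for p in packets for r in rules if r.matches(p.payload)]


def total_bytes(packets) -> int:
    """Data volume the IDS has to inspect."""
    return sum(len(p.payload) for p in packets)


def required_depth(rules) -> Optional[int]:
    """Largest prefix any rule needs; None if some rule searches unbounded."""
    if any(r.depth is None for r in rules):
        return None
    return max(r.depth for r in rules)


def truncate_payloads(packets, keep: int):
    """Traffic-engineering stage (assumed policy): forward only the first
    `keep` payload bytes of each packet."""
    return [Packet(p.src, p.dst, p.payload[:keep]) for p in packets]


def unsafe_rules(rules, keep: int):
    """Rules whose match window exceeds what the stage forwards. These must
    be adjusted, or the stage must keep more bytes, or detection is lost."""
    return [r.sid for r in rules if r.depth is None or r.depth > keep]


# Constructed sample traffic (not captured data).
PACKETS = [
    Packet("10.0.0.5", "10.0.0.1", b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    Packet("10.0.0.7", "10.0.0.1", b"GET /cgi-bin/test.cgi HTTP/1.1\r\n" + b"A" * 1400),
    Packet("10.0.0.9", "10.0.0.1",
           b"POST /upload HTTP/1.1\r\n" + b"B" * 1200 + b"EVIL-MARKER" + b"B" * 100),
]

# Constructed rules; sids are placeholders, not real Snort rule ids.
RULES = [
    Rule(sid=1000001, content=b"/cgi-bin/", depth=64),   # bounded to the request line
    Rule(sid=1000002, content=b"EVIL-MARKER"),           # unbounded: needs the full payload
]


def compare(packets, rules, keep: int):
    """Run the IDS on full and reduced traffic; report volume and alerts."""
    reduced = truncate_payloads(packets, keep)
    return {
        "bytes_full": total_bytes(packets),
        "bytes_reduced": total_bytes(reduced),
        "alerts_full": sorted(run_ids(packets, rules)),
        "alerts_reduced": sorted(run_ids(reduced, rules)),
        "rules_at_risk": unsafe_rules(rules, keep),
    }


if __name__ == "__main__":
    for key, value in compare(PACKETS, RULES, keep=64).items():
        print(key, value)
```

With `keep=64` the inspected volume drops from 2809 to 171 bytes and the bounded rule still fires, but the unbounded rule (sid 1000002) stops firing and is reported in `rules_at_risk`; restricting the rule set to rules whose `depth` the stage honours, or raising `keep` to `required_depth(rules)`, restores identical alerts on full and reduced traffic. That check is the kind of rule adjustment a deployment must make before the data reduction can be trusted.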
