Journal of Computer Science 7 (7): 1094-1104, 2011
ISSN 1549-3636
© 2011 Science Publications

Towards an Integrated Intrusion Detection Monitoring in High Speed Networks

Hassen Sallay
Department of Computer Sciences, College of Computer and Information Sciences, Imam Mohamad ibn Saud University, Riyadh, Saudi Arabia

Abstract: Problem statement: Security management has become a critical aspect of large-scale distributed systems. In particular, recent Distributed Intrusion Detection System (DIDS) schemes for High Speed Networks (HSN) have raised serious new management problems and challenges. Increasing the effectiveness of IDS monitoring is essential to satisfy the restrictive constraints of such large multi-domain environments in the narrow context of HSN. Approach: We consider intrusion detection monitoring as an entity with two facets: one at the local level (single domain) and another at the global level (multi-domain). Through the local level, the evolution of the single-domain intrusion detection process (vulnerability data collection, alert generation and sensor configuration according to some improvement scenarios) can be monitored. The global level represents the evolution of the multi-domain intrusion detection process as well as the eventual security defence process across the overall network (policy generation, load-balancing operations and global alert correlation). Differentiating these two facets leads to the design of a scalable intrusion detection management solution. Results: The effectiveness of DIDS management in HSN has been studied and a scalable IDS monitoring architecture for multiple domains has been proposed. Several Snort IDS scenarios showed an improvement in the performance of real-time detection. The integration of a set of tools provided a user-friendly IDS monitoring platform. Conclusion: To satisfy the real-time and efficiency constraints of the intrusion detection process in HSN, the IDS process itself must be monitored efficiently. In this context, the management framework outlined here is more appropriate, convenient and efficient. The proposed architecture, the Snort IDS improvement techniques and the integrated platform played a crucial role in improving IDS real-time monitoring.

Key words: Intrusion Detection Systems (IDS), high speed networks, management architecture, PBNM monitoring, Snort benchmarking, integrated monitoring

INTRODUCTION

The goal of security management is to control access to sensitive information and resources on the basis of security policies, in order to prevent and defend against intentional or unintentional attacks in the network. Among the well-known network defence techniques are Intrusion Detection Systems (IDS). An IDS scans incoming and outgoing network traffic in order to detect malicious or suspicious activities. As networks become faster, as in High Speed Networks (HSN), the IDS needs security analysis techniques that can keep up with the increased network throughput; otherwise it becomes a network bottleneck.

Efficient management of Distributed IDS (DIDS) is both a crucial requirement and a major challenge for security services. Building management solutions that address the scalability, efficiency and real-time constraints of IDS is key to their successful deployment. However, because of the differences between high speed networks and conventional networks, and the potentially huge number of packets evolving over time, the design and implementation of the aforementioned management services are much more complex to achieve.

Related work: Several efforts in the literature address the intrusion detection process. Wang and Liu (2008) establish a complete work model on the basis of intrusion detection techniques and propose building a data warehouse of intrusion detection data to provide an efficient and stable system. Roschke et al. (2009) present an extensible IDS management architecture for managing security events and their correlation. It is based on a virtualization concept which integrates and handles different types of sensors, and collects and synthesizes the alerts generated by multiple hosts located in a loosely coupled environment. In Yu et al. (2004), an intrusion alert management system based on a collaborative architecture design for multiple intrusion detection