Resumen
A major challenge for intrusion prevention system (IPS) sensors in today?s Internet is the amount of traffic these devices have to inspect. Hence this paper presents a linear program (LP) for traffic scheduling in multi-sensor environments that alleviates inspection loads at IPS sensors. The model discriminates traffic flows so that the amount of inspected suspicious traffic ismaximized. While the LP is not constrained to integral solutions, traffic belonging to a flow is mostly scheduled for inspection to a single sensor, which facilitates the collection of state information. An analysis of how the Simplex algorithm solves the model and numerical results demonstrate that state information can be preserved without imposing integral constraints. This benefitalso prevents the LP from becoming an integer LP, and this is essential for efficiently implementing the proposed model. The paper also shows that the ratio of the total number of flows integrally inspected by a single sensor to the total number of flows inspected in a multi-sensor environment depends upon theratio of IPS sensor capacity to flow traffic rate. Finally, some practical deployment observations are also presented.