A High Performance Platform for Network Intrusion Detection Sensors

A. Biswas and P. Sinha (Canada)

Keywords

Hardening network intrusion detection sensor, libpcap.

Abstract

Hackers may attack and disable the Network Intrusion Detection System (NIDS) before attacking the network. The NIDS therefore needs to be hardened by improving the packet capturing, dispatching and real-time scheduling performance of the underlying platform. We have designed and implemented a superior platform for NIDS sensors. This platform consists of the Linux OS, a co-kernel with a real-time task scheduler (RTAI-LXRT), a high-performance packet capturing interface embedded within the popular "libpcap" library, and a high-performance packet dispatching interface. We demonstrate that this combined platform outperforms NAPI, PFRING and the Linux kernel under heavy network load, with higher packet capturing capacity and superior real-time behavior. These findings indicate that the proposed scheme will harden a given Linux-based user-space NIDS application.
