X. Chen, Y. Wu, L. Xu, Y. Xue, and J. Li (PRC)
Network Security, Snort, Multi-core
As security threats and network bandwidth increase in a very fast pace, there is a growing interest in designing high performance network intrusion detection system (NIDS). This paper presents a parallelization strategy for the popular open-source Snort to build a high performance NIDS on multi-core IA platform. A modular design of parallel NIDS based on Snort is proposed in this paper. Named Para-Snort, it enables flexible and easy module design. This paper also analyzed the performance impact of load balancing and multi-pattern matching. Modified-JSQ and AC-WM algorithms are implemented in order to resolve the bottlenecks and improve the performance of the system. Experimental results show that Para-Snort achieves significant speedup of 4 to 6 times for various traces with a 7-thread parallelizing test setup.
Important Links:
Go Back
