Performance Enhancement of Snort IDS through Kernel Modification

Cited by: 0
Authors
Changazi, Sabir Ali [1]
Shafi, Imran [2]
Saleh, Khaled [3]
Islam, M. Hasan [4]
Hussainn, Syed Muzammil [1]
Ali, Atif [5]
Affiliations
[1] Riphah Int Univ, Dept Comp, Islamabad, Pakistan
[2] Natl Univ Sci & Technol NUST, Dept Elect Engn, Islamabad, Pakistan
[3] Khalifa Univ, ECE Dept, Abu Dhabi, U Arab Emirates
[4] Natl Univ Sci & Technol NUST, Dept Comp Engn, Islamabad, Pakistan
[5] PMAS Arid Agr Univ, Univ Inst Informat Technol, Rawalpindi, Pakistan
Source
2019 8TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGIES (ICICT 2019) | 2019
Keywords
intrusion detection; snort packet handling capacity; kernel modifications; performance enhancement metrics; INTRUSION DETECTION;
DOI
10.1109/icict47744.2019.9001286
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203; 0835;
Abstract
Performance and improved packet handling capacity against high traffic load are important requirements for an effective intrusion detection system (IDS). Snort is one of the most popular open-source intrusion detection systems that run on Linux. This research article discusses ways of enhancing the performance of Snort by modifying key Linux parameters related to the NAPI packet reception mechanism within the Linux kernel networking subsystem. Our enhancement overcomes the current limitations related to NAPI throughput. We experimentally demonstrate that the current default budget B value of 300 does not yield the best performance of Snort throughput. We show that a small budget value of 14 gives the best Snort performance in terms of packet loss both at the kernel subsystem and at the application level. Furthermore, we compare our results to those reported in the literature, and we show that our enhancement through tuning certain parameters yields superior performance.
Pages: 155-161
Number of pages: 7