{"title":"基于多核感知包捕获模块的嵌入式网络入侵检测系统","authors":"Chia-Hao Hsu, Sheng-de Wang","doi":"10.1109/ICPPW.2011.37","DOIUrl":null,"url":null,"abstract":"Network security has been a main concern in the Internet. To address this issue, network intrusion detection or prevention tools have become indispensable for system security. In this paper we first propose a multi-core aware packet capture module and integrated it with a network intrusion detection system (NIDS). We then analyze the performance of the NIDS under different packet capture libraries in high speed networks. The proposed multi-core aware packet capture module, called Flow Ring, can enhance the performance of NIDS to meet the speed requirements without packet loss. Together with the techniques for the configuration of an NIDS with respect to multi-core and IRQ affinity, the proposed approach can get the most effective performance.","PeriodicalId":173271,"journal":{"name":"2011 40th International Conference on Parallel Processing Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Embedded Network Intrusion Detection Systems with a Multi-core Aware Packet Capture Module\",\"authors\":\"Chia-Hao Hsu, Sheng-de Wang\",\"doi\":\"10.1109/ICPPW.2011.37\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Network security has been a main concern in the Internet. To address this issue, network intrusion detection or prevention tools have become indispensable for system security. In this paper we first propose a multi-core aware packet capture module and integrated it with a network intrusion detection system (NIDS). We then analyze the performance of the NIDS under different packet capture libraries in high speed networks. The proposed multi-core aware packet capture module, called Flow Ring, can enhance the performance of NIDS to meet the speed requirements without packet loss. Together with the techniques for the configuration of an NIDS with respect to multi-core and IRQ affinity, the proposed approach can get the most effective performance.\",\"PeriodicalId\":173271,\"journal\":{\"name\":\"2011 40th International Conference on Parallel Processing Workshops\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-09-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 40th International Conference on Parallel Processing Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICPPW.2011.37\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 40th International Conference on Parallel Processing Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICPPW.2011.37","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Embedded Network Intrusion Detection Systems with a Multi-core Aware Packet Capture Module
Network security has been a main concern in the Internet. To address this issue, network intrusion detection or prevention tools have become indispensable for system security. In this paper we first propose a multi-core aware packet capture module and integrated it with a network intrusion detection system (NIDS). We then analyze the performance of the NIDS under different packet capture libraries in high speed networks. The proposed multi-core aware packet capture module, called Flow Ring, can enhance the performance of NIDS to meet the speed requirements without packet loss. Together with the techniques for the configuration of an NIDS with respect to multi-core and IRQ affinity, the proposed approach can get the most effective performance.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
