Boosting throughput of snort NIDS under linux

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

7 Citations (Scopus)

Abstract

Snort is one of the most popular Network Intrusion Detection Systems (NIDS) that exist today. Snort needs to be highly effective to keep up with today's high traffic of gigabit networks. An intrusion detection system that fails to perform packet inspection at a high rate will allow malicious packets to enter the network undetected. In this paper we demonstrate that the current default configuration of the Linux networking subsystem (a.k.a. NAPI) is not suitable for Snort's performance. We show that the performance of Snort can be improved significantly by tuning certain configuration parameters. In particular, we experimentally study the performance impact of choosing different NAPI budget values on Snort's throughput. We conclude that a small budget would enhance the performance significantly.

Original language: English
Title of host publication: 2008 International Conference on Innovations in Information Technology, IIT 2008
Pages: 643-647
Number of pages: 5
DOIs: https://doi.org/10.1109/INNOVATIONS.2008.4781733
Publication status: Published - 1 Dec 2008
Externally published: Yes
Event: 2008 International Conference on Innovations in Information Technology, IIT 2008 - Al Ain, United Arab Emirates
Duration: 16 Dec 2008 to 18 Dec 2008

Other

Other: 2008 International Conference on Innovations in Information Technology, IIT 2008
Country: United Arab Emirates
City: Al Ain
Period: 16/12/08 to 18/12/08

Fingerprint

Intrusion detection
Throughput
Tuning
Inspection
Linux

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software

Cite this

Salah, K., & Qahtan, A. (2008). Boosting throughput of snort NIDS under linux. In 2008 International Conference on Innovations in Information Technology, IIT 2008 (pp. 643-647). [4781733] https://doi.org/10.1109/INNOVATIONS.2008.4781733

@inproceedings{30983f3508924d29a4fbedfe284715da,
title = "Boosting throughput of snort NIDS under linux",
abstract = "Snort is one of the most popular Network Intrusion Detection Systems (NIDS) that exist today. Snort needs to be highly effective to keep up with today's high traffic of gigabit networks. An intrusion detection system that fails to perform packet inspection at high rate will allow malicious packets to enter the network undetected. In this paper we demonstrate that the current default configuration of the Linux networking subsystem (a.k.a. NAPI) is not suitable for Snort's performance. We show that the performance of Snort can be improved significantly by tuning certain configuration parameters. In particular, we experimentally study the performance impact of choosing different NAPI budget values on Snort's throughput. We conclude that a small budget would enhance the performance significantly.",
author = "K. Salah and Abdulhakim Qahtan",
year = "2008",
month = "12",
day = "1",
doi = "10.1109/INNOVATIONS.2008.4781733",
language = "English",
isbn = "9781424433971",
pages = "643--647",
booktitle = "2008 International Conference on Innovations in Information Technology, IIT 2008",

}

TY - GEN
T1 - Boosting throughput of snort NIDS under linux
AU - Salah, K.
AU - Qahtan, Abdulhakim
PY - 2008/12/1
Y1 - 2008/12/1
AB - Snort is one of the most popular Network Intrusion Detection Systems (NIDS) that exist today. Snort needs to be highly effective to keep up with today's high traffic of gigabit networks. An intrusion detection system that fails to perform packet inspection at high rate will allow malicious packets to enter the network undetected. In this paper we demonstrate that the current default configuration of the Linux networking subsystem (a.k.a. NAPI) is not suitable for Snort's performance. We show that the performance of Snort can be improved significantly by tuning certain configuration parameters. In particular, we experimentally study the performance impact of choosing different NAPI budget values on Snort's throughput. We conclude that a small budget would enhance the performance significantly.

UR - http://www.scopus.com/inward/record.url?scp=67649476439&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67649476439&partnerID=8YFLogxK
U2 - 10.1109/INNOVATIONS.2008.4781733
DO - 10.1109/INNOVATIONS.2008.4781733
M3 - Conference contribution
SN - 9781424433971
SP - 643
EP - 647
BT - 2008 International Conference on Innovations in Information Technology, IIT 2008
ER -