Exploring and Enhancing the Performance of Parallel IDS on Multi-core Processors

With the advancement of multi-core processor, it is highly desired to use parallel design to improve the IDS throughput in nowadays. However, existing parallel schemes often fail to achieve linear speedup in IDS. The throughput even deteriorates severely for some network traffics. Hence, exploring and addressing the problems have become one of the most urgent issues in parallel IDS. In this work, an IDS model adopting software pipeline is developed as the test bed of parallel performance evaluation. The contribution of this paper is two-fold. First, we explore the performance of parallel IDS through substantive experiments and quantitative analyses. We find Heavy Rule Fingerprint (HRF) in the pre-filter, which has not been mentioned in previous papers as we know, causes severe performance deterioration mentioned in existing studies. The experiments illustrate that the time consumption on HRF in parallel system is at least 6-7 times longer than that in normal system. Second, we propose a new fingerprint extraction strategy to deal with HRF. Experimental results show that the throughput deterioration is resolved completely and the throughput is enhanced by 45% by integrating our proposed method into the test bed and with making use of DARPA evaluation dataset.