Title :
An Embedded NIDS with Multi-core Aware Packet Capture
Author :
Chia-Hao Hsu ; Sheng-De Wang
Author_Institution :
Dept. of Electr. Eng., Nat. Taiwan Univ., Taipei, Taiwan
Abstract :
Network security has been a serious problem in the Internet. To face this issue, network intrusion detection tools have become indispensable for computer systems and network gateways. In this paper we propose an embedded, multi-core aware network intrusion detection system (NIDS), which has the following features: 1) It integrates a novel multi-core aware packet capture module, called the MCA ring, and an NIDS. 2) It exploits a zero-copy mechanism to remove the overheads of packet copy processing from the network interface driver to the NIDS application. 3) It uses the concept of process and IRQ affinity to enhance the processing speed. The performance of NIDS under different packet capture modules in multi-gigabits networks has also been analyzed and presented in this paper. The results show that our integrated multi-core aware MCA ring and NIDS is effective for detecting network intrusion attacks in multi-gigabits networks.
Keywords :
Internet; computer network security; multiprocessing systems; IRQ affinity; Internet; computer systems; embedded NIDS; integrated multicore aware MCA ring; multicore aware network intrusion detection system; multicore aware packet capture module; multigigabits networks; network gateways; network interface driver; network intrusion attack detection; network intrusion detection tools; network security; overhead removal; packet capture modules; packet copy processing; zero-copy mechanism; Instruction sets; Kernel; Libraries; MONOS devices; Multicore processing; Network interfaces; Performance evaluation; multi-core aware; network intrusion detection system; packet capture library;
Conference_Titel :
Computational Science and Engineering (CSE), 2013 IEEE 16th International Conference on
Conference_Location :
Sydney, NSW
DOI :
10.1109/CSE.2013.119
