Title :
On improving performance of Network Intrusion Detection Systems by efficient packet capturing
Author :
Biswas, Amitava ; Sinha, Purnendu
Author_Institution :
Dept. of Electr. & Comput. Eng., Concordia Univ., Montreal, Que.
Abstract :
In a PC-based network intrusion detection system (NIDS), the packet capturing component is a key bottleneck that reduces its effectiveness. NIDS deployments on multiprocessor or distributed systems that circumvent this bottleneck do not address the operating system performance limitations that are the causal factors behind it. Completion of the intrusion detection task in bounded time at the sensors is also important for detecting complex and coordinated attack patterns. Existing Linux-based packet capturing solutions, NAPI and PFRING, are inefficient and have poor real-time performance. We have implemented a user space network interface (DMA ring) to capture packets under high network load on a modest commodity platform. DMA ring outperforms existing solutions in terms of higher load bearing, packet capturing capacity and superior real-time behavior. We propose a scheme using DMA ring which improves the performance of a user space NIDS.
Keywords :
computer networks; security of data; telecommunication security; DMA ring; Linux based packet capturing solutions; NAPI; PC based network intrusion detection systems; PFRING; complex coordinated attack pattern detection; distributed system; load bearing; modest commodity platform; multiprocessor system; packet capturing capacity; packet capturing component; user space network interface; Intrusion detection; High bandwidth packet capture; performance improvement of Network Intrusion Detection System;
Conference_Title :
Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP
Conference_Location :
Vancouver, BC
Print_ISBN :
1-4244-0142-9
DOI :
10.1109/NOMS.2006.1687642