Title :
Boosting throughput of Snort NIDS under Linux
Author :
Salah, K. ; Qahtan, A.
Author_Institution :
Dept. of Inf. & Comput. Sci., King Fahd Univ. of Pet. & Miner., Dhahran
Abstract :
Snort is one of the most popular Network Intrusion Detection Systems (NIDS) that exist today. Snort needs to be highly effective to keep up with today's high traffic of gigabit networks. An intrusion detection system that fails to perform packet inspection at high rate will allow malicious packets to enter the network undetected. In this paper we demonstrate that the current default configuration of the Linux networking subsystem (a.k.a. NAPI) is not suitable for Snort's performance. We show that the performance of Snort can be improved significantly by tuning certain configuration parameters. In particular, we experimentally study the performance impact of choosing different NAPI budget values on Snort's throughput. We conclude that a small budget would enhance the performance significantly.
Keywords :
Linux; security of data; Linux networking subsystem; Snort throughput; malicious packets; network intrusion detection systems; packet inspection; Boosting; Computer science; Costs; Engines; Inspection; Intrusion detection; Linux; Software architecture; Telecommunication traffic; Throughput;
Conference_Title :
Innovations in Information Technology, 2008. IIT 2008. International Conference on
Conference_Location :
Al Ain
Print_ISBN :
978-1-4244-3396-4
Electronic_ISBN :
978-1-4244-3397-1
DOI :
10.1109/INNOVATIONS.2008.4781733