Performance Evaluation of a Probabilistic Packet Filter Optimization Algorithm for High-Speed Network Monitoring

Abstract: Abstract. Because of the ever-increasing popularity of the Internet, network monitoring becomes very mission critical to guarantee the operation of IP networks, e.g. to detect network failures and stop intrusion attempts. A majority of these monitoring tasks require only a small subset of all passing packets, which share some common properties such as identical header fields or similar patterns in their data. Nowadays, next to the increasing network speed, much of these tasks become very complex. In order to c… Show more

“…This will aid in choosing the best configuration parameters to boost and improve Snort's performance. Our technique to improve Snort's performance by identifying and tuning key system parameters can be orthogonal to the techniques proposed by Abbas (2002), Vermeiren et al (2004), Turnbull (2007), Geschke (2006), Aldwairi et al (2005), Weinsberg et al (2007), Yu et al (2007), Coppens et al (2004), Sourdis et al (2006), Cho and Mangione-Smith (2008), Baker and Prasanna (2005), Lin et al (2007), Mitra et al (2007), Deri (2005), The Snort Project (2008), Biswas and Sinha (2006). Our improvement involves characterizing the typical execution behavior and CPU processing requirement of Snort application, and accordingly selecting the best and optimal configuration of those key system parameters.…”

“…In Turnbull (2007) and Geschke (2006), some improvement in Snort's performance was achieved by offloading some of Snort's essential functions involving alerting and logging, thereby freeing Snort to focus on the primary function of packet inspection. Aldwairi et al (2005), Weinsberg et al (2007), Yu et al (2007), Coppens et al (2004), Sourdis et al (2006), Cho and Mangione-Smith (2008), Baker and Prasanna (2005), Lin et al (2007), and Mitra et al (2007) improved substantially rule and string matching using novel optimization techniques coupled with customized FPGA (Field-Programmable Gate Array) and hardware. Speeding up performance was demonstrated using different packet capturing libraries and allowing Snort to have direct access to the kernel's receiving ring buffer allocated for the NIC (Network Interface Card) (Deri, 2005;The Snort Project, 2008).…”

Performance evaluation comparison of Snort NIDS under Linux and Windows Server

“…This will aid in choosing the best configuration parameters to boost and improve Snort's performance. Our technique to improve Snort's performance by identifying and tuning key system parameters can be orthogonal to the techniques proposed by Abbas (2002), Vermeiren et al (2004), Turnbull (2007), Geschke (2006), Aldwairi et al (2005), Weinsberg et al (2007), Yu et al (2007), Coppens et al (2004), Sourdis et al (2006), Cho and Mangione-Smith (2008), Baker and Prasanna (2005), Lin et al (2007), Mitra et al (2007), Deri (2005), The Snort Project (2008), Biswas and Sinha (2006). Our improvement involves characterizing the typical execution behavior and CPU processing requirement of Snort application, and accordingly selecting the best and optimal configuration of those key system parameters.…”

“…In Turnbull (2007) and Geschke (2006), some improvement in Snort's performance was achieved by offloading some of Snort's essential functions involving alerting and logging, thereby freeing Snort to focus on the primary function of packet inspection. Aldwairi et al (2005), Weinsberg et al (2007), Yu et al (2007), Coppens et al (2004), Sourdis et al (2006), Cho and Mangione-Smith (2008), Baker and Prasanna (2005), Lin et al (2007), and Mitra et al (2007) improved substantially rule and string matching using novel optimization techniques coupled with customized FPGA (Field-Programmable Gate Array) and hardware. Speeding up performance was demonstrated using different packet capturing libraries and allowing Snort to have direct access to the kernel's receiving ring buffer allocated for the NIC (Network Interface Card) (Deri, 2005;The Snort Project, 2008).…”

Performance evaluation comparison of Snort NIDS under Linux and Windows Server

Concepts for Self-Protection

Packet filter optimization techniques for high-speed network monitoring