@inproceedings{d6b07a3465c344bf97e89f3022e45791,
title = "Boosting throughput of snort NIDS under linux",
abstract = "Snort is one of the most popular Network Intrusion Detection Systems (NIDS) that exist today. Snort needs to be highly effective to keep up with today's high traffic of gigabit networks. An intrusion detection system that fails to perform packet inspection at high rate will allow malicious packets to enter the network undetected. In this paper we demonstrate that the current default configuration of the Linux networking subsystem (a.k.a. NAPI) is not suitable for Snort's performance. We show that the performance of Snort can be improved significantly by tuning certain configuration parameters. In particular, we experimentally study the performance impact of choosing different NAPI budget values on Snort's throughput. We conclude that a small budget would enhance the performance significantly.",
author = "K. Salah and A. Qahtan",
year = "2008",
doi = "10.1109/INNOVATIONS.2008.4781733",
language = "British English",
isbn = "9781424433971",
series = "2008 International Conference on Innovations in Information Technology, IIT 2008",
pages = "643--647",
booktitle = "2008 International Conference on Innovations in Information Technology, IIT 2008",
note = "2008 International Conference on Innovations in Information Technology, IIT 2008 ; Conference date: 16-12-2008 Through 18-12-2008",
}