Boosting throughput of snort NIDS under linux

K. Salah, A. Qahtan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

Snort is one of the most popular Network Intrusion Detection Systems (NIDS) that exist today. Snort needs to be highly effective to keep up with today's high traffic of gigabit networks. An intrusion detection system that fails to perform packet inspection at a high rate will allow malicious packets to enter the network undetected. In this paper we demonstrate that the current default configuration of the Linux networking subsystem (a.k.a. NAPI) is not suitable for Snort's performance. We show that the performance of Snort can be improved significantly by tuning certain configuration parameters. In particular, we experimentally study the performance impact of choosing different NAPI budget values on Snort's throughput. We conclude that a small budget would enhance the performance significantly.

Original language: British English
Title of host publication: 2008 International Conference on Innovations in Information Technology, IIT 2008
Pages: 643-647
Number of pages: 5
State: Published - 2008
Event: 2008 International Conference on Innovations in Information Technology, IIT 2008 - Al Ain, United Arab Emirates
Duration: 16 Dec 2008 - 18 Dec 2008

Publication series

Name: 2008 International Conference on Innovations in Information Technology, IIT 2008

Conference

Conference: 2008 International Conference on Innovations in Information Technology, IIT 2008
Country/Territory: United Arab Emirates
City: Al Ain
Period: 16/12/08 - 18/12/08
