In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two popular platforms of Linux and Windows 2003 Server. Snort's performance is measured by subjecting a PC host running Snort to both normal and malicious traffic under different traffic load conditions. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and gain better insight into the behavior of Snort, we also measure the packet loss encountered at the kernel level. In addition, we identify key system parameters (for both Linux and Windows) that provide fine-grained control over the percentage of CPU bandwidth allocated to the Snort application and can consequently impact its performance. We investigate this impact and determine the most appropriate values to improve and optimize Snort's performance. Specifically, for Windows, we investigate the impact of customizing the Processor Scheduling configuration option, and for Linux, we investigate the impact of tuning the Budget configurable parameter used in the Linux kernel's packet reception mechanism.