In recent years, the need for high-performance network monitoring tools that can cope with rapidly increasing network bandwidth has become vital. A possible solution is to utilize the processing power of multi-core processors, which are now available as commercial off-the-shelf (COTS) hardware. In this paper, we introduce DashCap, a software solution for wire-speed packet capture and transmission on TCP/IP networks under the Linux operating system. The results of our experimental evaluations show that the proposed solution delivers more than twice the packet-capture performance of existing software solutions under Linux. We also propose DashNMon, a scalable software architecture for network monitoring tools that is based on DashCap. Multi-core awareness is a distinguishing property of this architecture. In contrast to the existing cluster-based solutions, DashNMon can be used with COTS multi-core processors. To evaluate the proposed solutions, we have developed several prototype tools. The results of the experiments carried out with these tools show the scalability and high performance of network monitoring tools based on the proposed architecture. Using the proposed architecture, it is possible to design and implement high-performance multi-threaded network intrusion detection systems (NIDSs) or application-layer firewalls entirely in user space, with better utilization of the computational resources of multi-processor/multi-core systems.