A high-performance network monitoring platform for intrusion detection

Authors:
Yang Wu;Xiao-Chun Yun
Affiliations:
Computer Network and Information Security Technique Research Center, Harbin Institute of Technology, Harbin, China;Computer Network and Information Security Technique Research Center, Harbin Institute of Technology, Harbin, China
Venue:
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
Year:
2005

Citing 5
Cited 2

Adaptive Pattern Matching

SIAM Journal on Computing
Evolution of the Virtual Interface Architecture

Computer
Software Support for Virtual Memory-Mapped Communication

IPPS '96 Proceedings of the 10th International Parallel Processing Symposium
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
The BSD packet filter: a new architecture for user-level packet capture

USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings

A scalable multi-core aware software architecture for high-performance network monitoring

Proceedings of the 2nd international conference on Security of information and networks
A high-performance and scalable multi-core aware software solution for network monitoring

The Journal of Supercomputing

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents and implements a high-performance network monitoring platform (HPNMP) for high bandwidth network intrusion detection system (NIDS). The traffic load on a single machine is heavily reduced in an operation mode of parallel cluster. An efficient user-level messaging mechanism is implemented and a multi-rule packet filter is built at user layer. The results of experiments indicate that HPNMP is capable of reducing the using rate of CPU while improving the efficiency of data collection in NIDS so as to save much more system resources for complex data analysis in NIDS. ...