Download now Free registration required
This paper presents and experimentally analyzes the performance of three parallelization strategies for the popular open-source Snort Network Intrusion Detection System (NIDS). The parallelizations include 2 conservative variants and 1 optimistic scheme. The conservative strategy parallelizes inspection at the level of TCP/IP flows, as any potential inter-packet dependences are confined to a single flow. The flows are partitioned among threads, and each flow is processed in-order at one thread. A second variation reassigns flows between threads to improve load balance but still requires that only one thread process a given flow at a time.
- Format: PDF
- Size: 1022.6 KB