Fast Packet Classification for Snort by Native Compilation of Rules
Source: Stony Brook University
Signature matching, which includes packet classification and content matching, is the most expensive operation of a signature-based Network Intrusion Detection System (NIDS). This paper presents a technique to improve the performance of packet classification in Snort, a popular open-source NIDS, by generating native code from Snort signatures. An obvious way to generate native code for packet classification is to use a low-level language like C to access the contents of a packet by treating it as a sequence of bytes. Generating such low-level code manually can be cumbersome and error-prone. Use of a high-level specification language can simplify the task of writing packet classification code.
| Size: | 102.70 |
| Date: | Oct 2008 |