Título:
|
Improving the performance efficiency of an IDS by exploiting temporal locality in network traffic
|
Autor/a:
|
Sreekar Shenoy, Govind; Tubella Murgadas, Jordi; González Colás, Antonio María
|
Otros autores:
|
Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors; Universitat Politècnica de Catalunya. ARCO - Microarquitectura i Compiladors |
Abstract:
|
Network traffic has traditionally exhibited temporal locality in the header field of packets. Such locality is intuitive and is a consequence of the semantics of network protocols. However, in contrast, the locality in the packet payload has not been studied in significant detail. In this work we study temporal locality in the packet payload. Temporal locality can also be viewed as redundancy, and we observe significant redundancy in the packet payload. We investigate mechanisms to exploit it in a networking application.
We choose Intrusion Detection Systems (IDS) as a case study. An IDS like the popular Snort operates by scanning packet payload
for known attack strings. It first builds a Finite State Machine (FSM) from a database of attack strings, and traverses this FSM
using bytes from the packet payload. So temporal locality in network traffic provides us an opportunity to accelerate this
FSM traversal. Our mechanism dynamically identifies redundant bytes in the packet and skips their redundant FSM traversal. We
further parallelize our mechanism by performing the redundancy identification concurrently with stages of Snort packet processing. IDS are commonly deployed in commodity processors, and we evaluate our mechanism on an Intel Core i3. Our performance study indicates that the length of the redundant chunk is a key factor in performance. We also observe important performance benefits in deploying our redundancy-aware mechanism in the Snort IDS[32]. |
Materia(s):
|
-Àrees temàtiques de la UPC::Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors -Telecommunication -- Traffic -- Management -Computer networks -- Security measures -Deep packet inspection -Intrusion detection systems -Software caches -System performance evaluation -Temporal locality -Telecomunicació -- Tràfic -- Gestió -Ordinadors, Xarxes d' -- Mesures de seguretat |
Derechos:
|
|
Tipo de documento:
|
Artículo - Versión publicada Objeto de conferencia |
Compartir:
|
|