| Title | Performance Enhancement of Snort IDS through Kernel Modification |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Changazi, Sabir Ali, Shafi, Imran, Saleh, Khaled, Islam, M Hasan, Hussainn, Syed Muzammil, Ali, Atif |
| Conference Name | 2019 8th International Conference on Information and Communication Technologies (ICICT) |
| Keywords | composability, high traffic load, Intrusion detection, Kernel, Kernel modification, kernel modifications, Kernel subsystem, Linux, Linux kernel networking subsystem, Linux key parameters, Linux Operating System Security, Measurement, Metrics, Monitoring, NAPI packet reception mechanism, NAPI throughput, open-source intrusion detection system, operating system kernels, Packet loss, performance enhancement, performance enhancement metrics, Predictive Metrics, pubcrawl, Resiliency, security of data, Snort IDS, snort packet handling capacity, Snort performance, Task Analysis, telecommunication traffic |
| Abstract | Performance and improved packet handling capacity against high traffic load are important requirements for an effective intrusion detection system (IDS). Snort is one of the most popular open-source intrusion detection system which runs on Linux. This research article discusses ways of enhancing the performance of Snort by modifying Linux key parameters related to NAPI packet reception mechanism within the Linux kernel networking subsystem. Our enhancement overcomes the current limitations related to NAPI throughput. We experimentally demonstrate that current default budget B value of 300 does not yield the best performance of Snort throughput. We show that a small budget value of 14 gives the best Snort performance in terms of packet loss both at Kernel subsystem and at the application level. Furthermore, we compare our results to those reported in the literature, and we show that our enhancement through tuning certain parameters yield superior performance. |
| DOI | 10.1109/ICICT47744.2019.9001286 |
| Citation Key | changazi_performance_2019 |
Performance Enhancement of Snort IDS through Kernel Modification