Biblio
Performance comparison and optimization of mainstream NIDS systems in offline mode based on parallel processing technology. 2021 2nd International Conference on Computing and Data Science (CDS). pp. 136-140.
2021. For a network intrusion detection system (NIDS), improving the performance of the analysis process has always been one of the primary goals. An important method to improve performance is to use parallel processing technology to maximize the usage of multi-core CPU resources. In this paper, Pcap data packets are split so that the NIDS software Snort3 can process Pcap packets in parallel mode. On this basis, this paper compares the performance of Snort2, Suricata, and Snort3 with different CPU cores in processing different sizes of Pcap data packets. At the same time, a parallel unpacking algorithm is proposed to further improve the parallel processing performance of Snort3.