AN OPTIMIZED ALGORITHM OF PARALLEL DATA PROCESSING BY SNORT CORE

Authors: S. V. Morkovin, V. S. Panishchev
Year of publication: 2017
Subject:
Source: Proceedings of the Southwest State University. 21:30-35
ISSN: 2686-6757, 2223-1560
DOI: 10.21869/2223-1560-2017-21-1-30-35
Description: The paper addresses the problem of optimizing the firmware algorithm for detecting and preventing computer attacks on workstations with Internet access and on networking equipment. The main objective was to boost device capacity and save data processing resources. It has been proved that existing software products developed for single-thread execution architectures need to be modified. In particular, the paper discusses the Snort network intrusion detection and prevention system, which was initially made to operate on a single processor core in single-thread mode. The principle of parallelizing the Snort core is based on dividing the inbound traffic into lower-speed atomic channels that are distributed over several individually runnable Snort cores, which run as individual processes that are interconnected and can exchange information. The authors suggest an optimization of the algorithm that consists in using fast shared memory to facilitate information exchange between the processes. The paper focuses on a key element of the parallel data processing algorithm, namely the balancing algorithm. The proposed algorithm has been used to optimize the performance of the inbound traffic balancing unit, which increased the operating speed of the whole system. A test facility has been developed to simulate and refine the constructed distributed intrusion detection system. The paper presents the structure of the test facility, the testing method and the numerical test results. The test input was standard traffic routed to the system input from a backbone link. The research results were used to determine the dependency of the traffic processing speed on the number of cores in the system.
Database: OpenAIRE