Research on High Performance Intrusion Prevention System Based on Suricata
DOI: https://doi.org/10.54097/hset.v7i.1077
Keywords: Suricata, IPS, Network Security, High-traffic Network
Abstract
Suricata is an open source, high-performance network IDS, IPS and network security monitoring engine. Building on Suricata and AF-PACKET technology, this paper studies a Suricata IPS deployed on the Huawei Kunpeng 920 CPU and the Galaxy Kylin operating system, designs defense rules for common current network threats, and tunes the performance of the Suricata IPS in a high-traffic network environment. Measured with an Ixia network tester, the results show that the design scheme fully adapts to the relevant hardware system and software environment, and that network throughput can reach 20 Gbps.
License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.