Title
Kargus: a highly-scalable software-based intrusion detection system
Abstract
As high-speed networks are becoming commonplace, it is increasingly challenging to prevent the attack attempts at the edge of the Internet. While many high-performance intrusion detection systems (IDSes) employ dedicated network processors or special memory to meet the demanding performance requirements, it often increases the cost and limits functional flexibility. In contrast, existing software-based IDS stacks fail to achieve a high throughput despite modern hardware innovations such as multicore CPUs, manycore GPUs, and 10 Gbps network cards that support multiple hardware queues. We present Kargus, a highly-scalable software-based IDS that exploits the full potential of commodity computing hardware. First, Kargus batch processes incoming packets at network cards and achieves up to 40 Gbps input rate even for minimum-sized packets. Second, it exploits high processing parallelism by balancing the pattern matching workloads with multicore CPUs and heterogeneous GPUs, and benefits from extensive batch processing of multiple packets per each IDS function call. Third, Kargus adapts its resource usage depending on the input rate, significantly saving the power in a normal situation. Our evaluation shows that Kargus on a 12-core machine with two GPUs handles up to 33 Gbps of normal traffic and achieves 9 to 10 Gbps even when all packets contain attack signatures, a factor of 1.9 to 4.3 performance improvements over the existing state-of-the-art software IDS. We design Kargus to be compatible with the most popular software IDS, Snort.
Year
2012
DOI
10.1145/2382196.2382232
Venue
ACM Conference on Computer and Communications Security
Keywords
high-speed network, gbps network card, commodity computing hardware, highly-scalable software-based intrusion detection, gbps input rate, software-based ids stack, multicore cpus, heterogeneous gpus, present kargus, ids function call, kargus batch, intrusion detection, pattern matching, batch processing
Field
Network processor, Computer science, Computer security, Network packet, Software, Network interface controller, Intrusion detection system, Multi-core processor, Scalability, Commodity computing
DocType
Conference
Citations
53
PageRank
1.95
References
26
Authors (8)
Name                   Order  Citations  PageRank
Muhammad Asim Jamshed  1      135        6.57
Ji-hyung Lee           2      54         4.00
Sang-Woo Moon          3      130        9.69
Insu Yun               4      90         5.74
Deokjin Kim            5      67         3.76
Sungryoul Lee          6      113        6.63
Yung Yi                7      1557       104.55
KyoungSoo Park         8      1198       73.47