Embedded Network Intrusion Detection Systems with a Multi-Core Aware Packet Capture Module

Network security has been a main concern in the Internet. To address this issue, network intrusion detection or prevention tools have become indispensable for system security. In this paper we first propose a multi-core aware packet capture module and integrated it with a network intrusion detection system (NIDS). We then analyze the performance of the NIDS under different packet capture libraries in high speed networks. The proposed multi-core aware packet capture module, called Flow Ring, can enhance the performance of NIDS to meet the speed requirements without packet loss. Together with the techniques for the configuration of an NIDS with respect to multi-core and IRQ affinity, the proposed approach can get the most effective performance. © 2011 IEEE.