An Embedded NIDS with Multi-Core Aware Packet Capture

Network security has been a serious problem in the Internet. To face this issue, network intrusion detection tools have become indispensable for computer systems and network gateways. In this paper we propose an embedded, multi-core aware network intrusion detection system (NIDS), which has the following features: 1) It integrates a novel multi-core aware packet capture module, called the MCA ring, and an NIDS. 2) It exploits a zero-copy mechanism to remove the overheads of packet copy processing from the network interface driver to the NIDS application. 3) It uses the concept of process and IRQ affinity to enhance the processing speed. The performance of NIDS under different packet capture modules in multi-gigabits networks has also been analyzed and presented in this paper. The results show that our integrated multi-core aware MCA ring and NIDS is effective for detecting network intrusion attacks in multi-gigabits networks. © 2013 IEEE.