Abstract
With the emergence of Network Function Virtualization (NFV) technology, researchers have started to implement typical software Intrusion Detection Systems (IDS) as Virtual Network Functions (VNFs) to improve the scalability of IDS deployment. Determining the setup and configuration of every instance to optimize VNF performance is one of the core challenges in the NFV scenario. Previous research mainly focuses on how an IDS performs under different Virtual Machine (VM) setups and simply loads its default configuration. However, when different rulesets are loaded and the IDS runs under different VM setups, the default configuration may not always lead to optimal performance. In this paper, we focus on the configuration problem of Snort. We propose a lightweight estimation algorithm to automatically configure the most performance-related part of Snort, the Fast Pattern Matcher (FPM). We first explore how its options influence Snort's packet detection through several measurement experiments. We then summarize some basic principles for designing our auto-configuration algorithm. Finally, we implement the algorithm to evaluate its accuracy and efficiency. The results show that our algorithm can find a better configuration than the default one in various situations; meanwhile, it takes just a few seconds to run, which is important if an auto-configuration module is to be integrated into an NFV dynamic and elastic scheduling strategy.