Parameter Optimization for Suricata Intrusion Prevention Systems supporting Multi-Gigabit High Speed Network
Abstract
This paper presents a study and measurement of Suricata, one of the best-known intrusion prevention systems (IPS), protecting an enterprise network under real-time traffic. The central challenge in IPS deployment is assuring performance in a multi-gigabit environment; in this experiment the testbed is evaluated on a 10 Gbps network. The main goal is to find the combination of Suricata parameters that optimizes overall performance. The experiments cover both the AF_PACKET and NFQ packet capture techniques. The results show that AF_PACKET yields better performance than NFQ. Moreover, Suricata worker threads should be placed on the same CPU so that communication overhead does not degrade overall performance.
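A suricata.yaml fragment illustrating the two findings of the abstract, added here as an example and not taken from the paper: AF_PACKET capture in inline (IPS) mode rather than NFQ, with all worker threads pinned to cores of a single CPU so the packet path never crosses sockets. The interface names, cluster ids, thread counts and core numbers are assumptions for illustration.

```yaml
# Added example (not from the paper): inline AF_PACKET IPS bridging two ports.
# Interface names, cluster ids and core numbers are assumed; adjust to the host.

runmode: workers            # each thread captures, decodes, detects and outputs

af-packet:
  - interface: ens1f0
    threads: 3              # threads on both ports together match worker-cpu-set
    cluster-id: 99
    cluster-type: cluster_flow   # all packets of a flow stay on one thread
    defrag: yes
    copy-mode: ips          # inline: drop on alert, forward everything else
    copy-iface: ens1f1
  - interface: ens1f1
    threads: 3
    cluster-id: 98          # cluster-id must differ per interface
    cluster-type: cluster_flow
    defrag: yes
    copy-mode: ips
    copy-iface: ens1f0

# NFQ would instead need iptables NFQUEUE rules and a kernel round trip per
# packet; the abstract reports AF_PACKET as the faster option, so it is used here.

threading:
  set-cpu-affinity: yes
  cpu-affinity:
    - management-cpu-set:
        cpu: [ 0 ]
    - receive-cpu-set:
        cpu: [ 0 ]
    - worker-cpu-set:
        # Worker threads on cores of one CPU socket / NUMA node, so no
        # cross-socket communication sits on the packet path.
        cpu: [ "1-6" ]
        mode: "exclusive"   # one worker per core, nothing else scheduled there
        prio:
          default: "high"
  detect-thread-ratio: 1.0
```

Confirm the socket-to-core mapping with `lscpu` before choosing the worker-cpu-set, and keep the NIC's IRQs on the same node for the measurement to be meaningful.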