DC Field | Value | Language |
---|---|---|
dc.contributor.author | Muhammad Jamshed | ko |
dc.contributor.author | Jihyung Lee | ko |
dc.contributor.author | Sangwoo Moon | ko |
dc.contributor.author | Insu Yun | ko |
dc.contributor.author | Deokjin Kim | ko |
dc.contributor.author | Sungryoul Lee | ko |
dc.contributor.author | Yung Yi | ko |
dc.contributor.author | KyoungSoo Park | ko |
dc.date.accessioned | 2013-03-29T18:56:23Z | - |
dc.date.available | 2013-03-29T18:56:23Z | - |
dc.date.created | 2012-11-06 | - |
dc.date.created | 2012-11-06 | - |
dc.date.created | 2012-11-06 | - |
dc.date.created | 2012-11-06 | - |
dc.date.created | 2012-11-06 | - |
dc.date.issued | 2012-10-17 | - |
dc.identifier.citation | 19th ACM Conference on Computer and Communications Security (CCS '12), pp.317 - 328 | - |
dc.identifier.uri | http://hdl.handle.net/10203/172998 | - |
dc.description.abstract | As high-speed networks are becoming commonplace, it is increasingly challenging to prevent the attack attempts at the edge of the Intern et. While many high-performance intrusion detection systems (IDSes) employ dedicated network processors or special memory to meet the demanding performance requirements, it often increases the cost and limits functional flexibility. In contrast, existing softwarebased IDS stacks fail to achieve a high throughput despite modern hardware innovations such as multicore CPUs, manycore GPUs, and 10 Gbps network cards that support multiple hardware queues. We present Kargus, a highly-scalable software-based IDS that exploits the full potential of commodity computing hardware. First, Kargus batch processes incoming packets at network cards and achieves up to 40 Gbps input rate even for minimum-sized packets. Second, it exploits high processing parallelism by balancing the pattern matching workloads with multicore CPUs and heterogeneous GPUs, and benefits from extensive batch processing of multiple packets per each IDS function call. Third, Kargus adapts its resource usage depending on the input rate, significantly saving the power in a normal situation. Our evaluation shows that Kargus on a 12-core machine with two GPUs handles up to 33 Gbps of normal traffic and achieves 9 to 10 Gbps even when all packets contain attack signatures, a factor of 1.9 to 4.3 performance improvements over the existing state-of-the-art software IDS. We design Kargus to be compatible with the most popular software IDS, Snort. | - |
dc.language | English | - |
dc.publisher | ACM Special Interest Group on Security, Audit and Control (SIGSAC) | - |
dc.title | Kargus: a Highly-scalable Software-based Intrusion Detection System | - |
dc.type | Conference | - |
dc.identifier.scopusid | 2-s2.0-84869475315 | - |
dc.type.rims | CONF | - |
dc.citation.beginningpage | 317 | - |
dc.citation.endingpage | 328 | - |
dc.citation.publicationname | 19th ACM Conference on Computer and Communications Security (CCS '12) | - |
dc.identifier.conferencecountry | US | - |
dc.identifier.conferencelocation | Raleigh, NC | - |
dc.identifier.doi | 10.1145/2382196.2382232 | - |
dc.embargo.liftdate | 9999-12-31 | - |
dc.embargo.terms | 9999-12-31 | - |
dc.contributor.localauthor | Insu Yun | - |
dc.contributor.localauthor | Yung Yi | - |
dc.contributor.localauthor | KyoungSoo Park | - |
dc.contributor.nonIdAuthor | Muhammad Jamshed | - |
dc.contributor.nonIdAuthor | Jihyung Lee | - |
dc.contributor.nonIdAuthor | Sangwoo Moon | - |
dc.contributor.nonIdAuthor | Deokjin Kim | - |
dc.contributor.nonIdAuthor | Sungryoul Lee | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.