Publication detail
ŠIŠMIŠ, L.; KOŘENEK, J.
Original title
Accelerating Suricata with DPDK
Type
presentation, poster
Language
English
Original abstract
Suricata is used in the cybersecurity field to reveal possible intrusions into the supervised environment by monitoring and inspecting live network traffic. However, with large and complex detection rulesets, even multi-threaded Suricata can be overloaded by increasing network traffic. To combat the problem, Suricata has introduced the DPDK capture interface with the aim of improving network throughput and latency. Results presented in a talk by Lukas Sismis at Suricon 2021 show an increase in network throughput of 16%. The talk also presented DPDK Prefilters. These are programs placed in front of Suricata with the purpose of increasing Suricata performance by reducing the amount of network traffic passed to Suricata or by inserting additional pre-computed information inside the packets. DPDK Prefilters ensure that Suricata has a vendor-independent API and, at the same time, that NIC manufacturers can implement asynchronous bypass and metadata injectors to fully use the features of their NICs without complicated integration with Suricata. The presentation covers an overview of the DPDK state in Suricata and an in-depth explanation of DPDK Prefilters along with their first preliminary results.
Keywords
DPDK, Suricata, IDS, IPS, network detection, intrusion detection system, intrusion prevention system, Data Plane Development Kit
Authors
ŠIŠMIŠ, L.; KOŘENEK, J.
Published
7 September 2022
Place
Arcachon
Number of pages
23
URL
https://static.sched.com/hosted_files/dpdkuserspace22/fc/SISMIS-SURICATA-DPKD-Prefilters.pdf
BibTeX
@misc{BUT180125,
  author="Lukáš {Šišmiš} and Jan {Kořenek}",
  title="Accelerating Suricata with DPDK",
  year="2022",
  pages="23",
  address="Arcachon",
  url="https://static.sched.com/hosted_files/dpdkuserspace22/fc/SISMIS-SURICATA-DPKD-Prefilters.pdf",
  note="presentation, poster"
}