Optimization of traditional Snort intrusion detection system

Abstract

Abstract With the rapid development of the Internet, the following network security issues are increasingly prominent and the increasing number of network attacks has also attracted the attention of more professionals. Network attacks are generally divided into operation attack, spoofing attack, flooding attack, redirection and so on. In order to ensure the security of computer system, intrusion detection system is designed, and people pay more and more attention to it. Firewall as the first security gate to maintain network security, intrusion detection system is undoubtedly the second security gate after the firewall. Snort intrusion detection system is a typical application of intrusion detection system. In addition, Snort is a real-time traffic analysis system that can capture and analyze packets on the network according to defined rules. However, with the continuous increase of data volume and the emergence of big data, the pattern library of Snort intrusion detection system also expands correspondingly, leading to the decrease of detection efficiency. DPDK(Data Plane Development Kit) adopts polling method to realize data packet processing, which saves CPU interrupt time, memory copy time, and provides a simple and efficient data packet processing method to the application layer, making the development of network applications more convenient. How to improve the efficiency of Snort intrusion detection system with the advantage of DPDK’s high-performance packet processing is the research focus of this paper.