|
|
Optimalizace systému Suricata zredukovaním mezivláknových závislostí
Kríž, Adam ; Setinský, Jiří (oponent) ; Šišmiš, Lukáš (vedoucí práce)
In the age of the internet, connection to the global network is possible from almost any type of device. Just to name a few: a fridge, a front door, a smart watches and more. With the growing number of devices that require an internet connection, the security and protection of the user's privacy comes to the foreground. One of the solutions that can be ensured network protection is Suricata, which is used to detect network threats and events. It can deploy as a monitoring system or it can be an active prevention system. Aim of this work will be optimizing the Suricata system in IDS mode (Intrusion Detection System ). As a result of the work, certain data structures will be changed, which will reduce cross-thread dependencies. The result will be an expected increase in performance in the form of savings processor time and increasing the volume of processed packets at the same time. Achieved results will be described in detail and evaluated at the end of the bachelor's thesis.
|
|
|
Optimization of the Suricata IDS/IPS
Šišmiš, Lukáš ; Fukač, Tomáš (oponent) ; Korček, Pavol (vedoucí práce)
The recent rapid increase of network traffic bandwidth has sprung new challenges in securing the network. It is vital to keep monitoring the traffic to securely identify threats in the network. Systems like IDS (intrusion detection systems) alert us about events in the analyzed traffic. Suricata , as one of the available IDS, was chosen for this thesis. The ultimate goal of the thesis is to tune settings of AF_PACKET capture interface to reach the best performance possible and then suggest and implement an optimization for Suricata . Results of the AF_PACKET should be used as a baseline for comparison with future improvements. Optimization is based on implementing a new capture interface to Suricata that is based on Data Plane Development Kit ( DPDK ). DPDK helps to accelerate packet capture and this implies that it might improve the performance of Suricata . Results that compare AF_PACKET and DPDK performance are evaluated at the end of this master thesis.
|
|
|
Using Metadata to Optimize the Suricata IDS/IPS
Shchapaniak, Andrei ; Fukač, Tomáš (oponent) ; Šišmiš, Lukáš (vedoucí práce)
As the Internet continues to grow and evolve, cyber-attacks have become more harmful and severe. Therefore, it is important to have effective detection and prevention systems. The need for such systems is becoming more demanding because the damage caused by cyber-attacks can be devastating to individuals and organizations. This motivates the development of high-performance detection and prevention systems that are able to detect and prevent cyber-attacks in a more effective way. Specifically, this thesis is focused on one of such systems -- Suricata. It is an open-source IDS/IPS system that is widely used in the industry due to its advanced capabilities and flexibility. The ultimate goal of the thesis is to design, implement and evaluate the transmission of per-packet metadata. Metadata could be added by smart network interface cards (SmartNICs). DPDK Prefilter was used in conjunction with Suricata to simulate the specialized hardware. It can simulate the transmission of metadata to Suricata. The impact of metadata and the results of the experimental evaluation will be discussed in detail at the end of this bachelor's thesis.
|
|
|
Optimization of the Suricata IDS/IPS
Šišmiš, Lukáš ; Fukač, Tomáš (oponent) ; Korček, Pavol (vedoucí práce)
The recent rapid increase of network traffic bandwidth has sprung new challenges in securing the network. It is vital to keep monitoring the traffic to securely identify threats in the network. Systems like IDS (intrusion detection systems) alert us about events in the analyzed traffic. Suricata , as one of the available IDS, was chosen for this thesis. The ultimate goal of the thesis is to tune settings of AF_PACKET capture interface to reach the best performance possible and then suggest and implement an optimization for Suricata . Results of the AF_PACKET should be used as a baseline for comparison with future improvements. Optimization is based on implementing a new capture interface to Suricata that is based on Data Plane Development Kit ( DPDK ). DPDK helps to accelerate packet capture and this implies that it might improve the performance of Suricata . Results that compare AF_PACKET and DPDK performance are evaluated at the end of this master thesis.
|
host ::
RSS.