• Journal of Internet Computing and Services
    ISSN 2287 - 1136(Online) / ISSN 1598 - 0170 (Print)
    http://jics.or.kr/

Performance Analysis of TCAM-based Jumping Window Algorithm for Snort 2.9.0


Sung-Yun Lee, Ki-Yeol Ryu, Journal of Internet Computing and Services, Vol. 13, No. 2, pp. 41-50, Apr. 2012
10.7472/jksii.2012.13.2.41, Full Text:
Keywords: Distributed Denial of Service, Intrusion Detection System, Jumping Window Algorithm, Snort2.9.0, TCAM

Abstract

Wireless network support and extended mobile network environment with exponential growth of smart phone users allow us to utilize the network anytime or anywhere. Malicious attacks such as distributed DOS, internet worm, e-mail virus and so on through high-speed networks increase and the number of patterns is dramatically increasing accordingly by increasing network traffic due to this internet technology development. To detect the patterns in intrusion detection systems, an existing research proposed an efficient algorithm called the jumping window algorithm and analyzed approximately 2,000 patterns in Snort 2.1.0, the most famous intrusion detection system. using the algorithm. However, it is inappropriate from the number of TCAM lookups and TCAM memory efficiency to use the result proposed in the research in current environment (Snort 2.9.0) that has longer patterns and a lot of patterns because the jumping window algorithm is affected by the number of patterns and pattern length. In this paper, we simulate the number of TCAM lookups and the required TCAM size in the jumping window with approximately 8,100 patterns from Snort-2.9.0 rules, and then analyse the simulation result. While Snort 2.1.0 requires 16-byte window and 9Mb TCAM size to show the most effective performance as proposed in the previous research, in this paper we suggest 16-byte window and 4 18Mb-TCAMs which are cascaded in Snort 2.9.0 environment.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Sung-Yun Lee and Ki-Yeol Ryu (2012). Performance Analysis of TCAM-based Jumping Window Algorithm for Snort 2.9.0. Journal of Internet Computing and Services, 13(2), 41-50. DOI: 10.7472/jksii.2012.13.2.41.

[IEEE Style]
S. Lee and K. Ryu, "Performance Analysis of TCAM-based Jumping Window Algorithm for Snort 2.9.0," Journal of Internet Computing and Services, vol. 13, no. 2, pp. 41-50, 2012. DOI: 10.7472/jksii.2012.13.2.41.

[ACM Style]
Sung-Yun Lee and Ki-Yeol Ryu. 2012. Performance Analysis of TCAM-based Jumping Window Algorithm for Snort 2.9.0. Journal of Internet Computing and Services, 13, 2, (2012), 41-50. DOI: 10.7472/jksii.2012.13.2.41.