
dc.contributor.author: HENRIKSEN, VEGARD
dc.contributor.author: FØRDE, ROAR
dc.identifier.citation: Henriksen, V. & Førde, R. (2021) Tuning Suricata Intrusion Detection System for High Performance on a Single Non-Uniform Memory Access Node (Master's thesis). University of Agder, Grimstad. (en_US)
dc.description: Master's thesis in Cyber security (IKT523) (en_US)
dc.description.abstract: The rapid increase in network capacity poses a challenge in detecting cyber attacks. Suricata is a modern intrusion detection system (IDS) used to monitor network traffic to detect cyberattacks. Telenor is monitoring considerable amounts of network traffic with IDS servers, commonly referred to as sensors. Occasionally, the traffic load reaches a point where the IDS drops some of the incoming packets, termed packet loss. This is a serious problem, as it can lead to undetected threats. With this in mind, Telenor wants to find out if a lossless detection can be achieved by tuning Suricata for high performance. This can be accomplished by pinning dedicated CPUs to Suricata and by optimizing the process from when the packets arrive at the sensor until they have been processed by Suricata. Additionally, a non-uniform memory access (NUMA) topology will be employed to reduce data latency. NUMA is a memory architecture where the processing units are divided into two NUMA nodes with their own local memory attached. By using the NUMA node where the packets arrive, Suricata should in theory operate more efficiently. The Suricata performance is affected by several factors, such as the hardware capability and capacity, BIOS settings, and the traffic type. The sensors also run other critical processes on the same NUMA node. An additional goal is therefore to limit the processing power reserved for Suricata. (en_US)
dc.publisher: University of Agder (en_US)
dc.rights: Attribution-NonCommercial-NoDerivatives 4.0 International (*)
dc.title: Tuning Suricata Intrusion Detection System for High Performance on a Single Non-Uniform Memory Access Node (en_US)
dc.type: Master thesis (en_US)
dc.rights.holder: © 2021 VEGARD HENRIKSEN, ROAR FØRDE (en_US)
dc.subject.nsi: VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424 (en_US)

Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 International