Tim Vermeiren

Improving the performance of signature-based network intrusion detection sensors by multi-threading

Signature-based Network Intrusion Detection System (NIDS) sensors match network packets against a pre-configured set of intrusion signatures. Current implementations of NIDS sensors employ only a single thread of execution and as a consequence benefit very little from multi-processor hardware platforms. A multi-threaded sensor would allow more efficient and scalable exploitation of these multi-processor machines. We present in detail a number of novel designs for a multi-threaded NIDS sensor and provide performance evaluation figures for a number of multi-threaded implementations of the popular open-source Snort system.

Introducing security services in DSL access and edge networks

Current DSL access and edge networks are typically deployed to offer best-effort high speed Internet access to small office and home environments. Future DSL access and edge networks will offer an evolution to higher bandwidth in the last mile. They will also be used by telecom operators to increase their average revenue per user by offering new services (such as security services) to the end users. In the brand range of advanced security services, we selected a service mix formed by a firewall and a network intrusion detection system for a feasibility study of their introduction in the future access and edge network. The study focuses on the relation between the complexity of the service and available computational technologies in the access and edge network. The evaluation results indicate that moderate complexity security services can be considered for integration. High complexity security services are unlikely to be deployed in the access and edge network.