Proceedings of the Southwest State University

AN OPTIMIZED ALGORITHM OF PARALLEL DATA PROCESSING BY SNORT CORE

https://doi.org/10.21869/2223-1560-2017-21-1-30-35

Abstract

The paper addresses the problem of optimizing the firmware algorithm for detecting and preventing computer attacks on Internet-connected workstations and networking equipment. The main objective was to increase device capacity and save data processing resources. It has been proved that existing software products developed for single-threaded execution architectures need to be modified. In particular, the paper discusses the Snort network intrusion detection and prevention system, which was originally built to run on a single processor core in single-threaded mode. The principle for parallelizing the Snort core is to divide the inbound traffic into lower-speed atomic channels that are distributed over several independently running Snort cores, each a separate process; the processes are interconnected and can exchange information. The authors propose optimizing the algorithm by using fast shared memory for information exchange between the processes. The paper focuses on the key element of the parallel data processing algorithm, the balancing algorithm. The proposed algorithm was used to optimize the performance of the inbound traffic balancing unit, which increased the operating speed of the system as a whole. A test facility was developed to simulate and refine the resulting distributed intrusion detection system. The paper presents the structure of the test facility, the testing method and the numerical test results. The test input was standard traffic routed to the system input from a backbone link. The research results were used to determine how traffic processing speed depends on the number of cores in the system.

About the Authors

S. V. Morkovin
Academy FSO
Russian Federation


V. S. Panishchev
Southwest State University
Russian Federation


For citations:


Morkovin S.V., Panishchev V.S. AN OPTIMIZED ALGORITHM OF PARALLEL DATA PROCESSING BY SNORT CORE. Proceedings of the Southwest State University. 2017;21(1):30-35. (In Russ.) https://doi.org/10.21869/2223-1560-2017-21-1-30-35

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2223-1560 (Print)
ISSN 2686-6757 (Online)