...
15:00 - 15:40 Performance Measurements and Acceleration Potential of Suricata, Lukas Kekely (CESNET) [PDF]slides
Abstract: IDS As the number of network security threats is rising and new threats are becoming more and more sophisticated, traffic processing by Intrusion Detection Systems (IDS) is getting significantly more complex. The rising processing complexity diminishes the achievable throughput and even utilizing the most powerful current CPUs, IDS are usually unable to operate at tens or hundreds of Gbps required by today’s fastest networks. In this presentation, we examine the performance of Suricata IDS in high-speed network deployment. Two versions of Suricata are tested:out-of-the-box Suricata software (without acceleration) against software Suricata enhanced by hardware accelerated data preprocessing. Measurements results on real network traffic are provided for both versions and compared in terms of achieved throughput and detection precision.
...