Thesis Details
Optimization of the Suricata IDS/IPS
The recent rapid increase of network traffic bandwidth has sprung new challenges in securing the network. It is vital to keep monitoring the traffic to securely identify threats in the network. Systems like IDS (intrusion detection systems) alert us about events in the analyzed traffic. Suricata, as one of the available IDS, was chosen for this thesis. The ultimate goal of the thesis is to tune settings of AF_PACKET capture interface to reach the best performance possible and then suggest and implement an optimization for Suricata. Results of the AF_PACKET should be used as a baseline for comparison with future improvements. Optimization is based on implementing a new capture interface to Suricata that is based on Data Plane Development Kit (DPDK). DPDK helps to accelerate packet capture and this implies that it might improve the performance of Suricata. Results that compare AF_PACKET and DPDK performance are evaluated at the end of this master thesis.
Suricata, XDP, Hyperscan, Flow shunting, Bypass, AF_PACKET, PF_RING, DPDK, PCAP, Network monitoring, IDS, IPS, Network traffic detection, Suricata optimization, DPDK runmode
Bartík Vladimír, Ing., Ph.D. (DIFS FIT BUT), člen
Holík Lukáš, doc. Mgr., Ph.D. (DITS FIT BUT), člen
Kreslíková Jitka, doc. RNDr., CSc. (DIFS FIT BUT), člen
Orság Filip, Ing., Ph.D. (DITS FIT BUT), člen
Polčák Libor, Ing., Ph.D. (DIFS FIT BUT), člen
@mastersthesis{FITMT23479,
author = "Luk\'{a}\v{s} \v{S}i\v{s}mi\v{s}",
type = "Master's thesis",
title = "Optimization of the Suricata IDS/IPS",
school = "Brno University of Technology, Faculty of Information Technology",
year = 2021,
location = "Brno, CZ",
language = "english",
url = "https://www.fit.vut.cz/study/thesis/23479/"
}