Abstract. Network intrusion detection systems (NIDS) are becoming an important tool for protecting critical information and infrastructure. The quality of a NIDS is described by the percentage of true attacks detected combined with the number of false alerts. However, even a high-quality NIDS algorithm is not effective if its processing cost is too high, since the resulting loss of packets increases the probability that an attack is not detected. This study measures and compares two major components of the NIDS processing cost on a number of diverse systems to pinpoint performance bottlenecks and to determine the impact of operating system and architecture differences. Results show that even on moderate-speed networks, many systems are inadequate as NIDS platforms. Performance depends not only on the processor performance, but to a large extent also on the memory system. Recent trends in processor microarchitecture towards deep pipelines have a negative impact on the systems NIDS capabilities, and multiprocessor architectures usually do not lead to significant performance improvements. Overall, these results provide valuable guidelines for NIDS developers and adopters for choosing a suitable platform, and highlight the need to consider processing cost when developing and evaluating NIDS techniques.
As a result of technology trends towards multi-gigahertz processors, the I/O system is becoming a critical bottleneck for many applications. Interrupts are a major aspect of most device drivers. Characterizing interrupt performance and its relation to architectural trends is important for understanding and improving I/O subsystem performance. Kernel instrumentation in combination with performance counters is able to overcome the limitations of microbenchmarks when measuring interrupts. A comparative analysis of a range of IA-32 based systems reveals that interrupt handler code exhibits only a low degree of instruction-level parallelism. Consequently, the trend towards deeper processor pipelines and smaller caches to maximize clock frequency can be detrimental to interrupt handling performance.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.