STEAL: Service Time-Aware Load balancer on many-core processors for fast intrusion detection

摘要

To realize the high-speed intrusion detection by accommodating many regex-based signatures and the growing network link capacities, we propose a Service TimE-Aware Load balancing algorithm, which is called STEAL. This work is motivated from the observation that utilization of the many-core Network Intrusion Detection System (NIDS) is influenced by unfair computational distribution among many-core NIDS nodes. To avoid unfair computational distribution among many-core NIDS nodes, STEAL is designed to dynamically distribute the large volume of traffic among many-core NIDS nodes based on the packet service time, which is represented by the deep packet time in many-core NIDS nodes. From experiments, we show that compared to the commonly used load balancing algorithm based on arrival rate, STEAL increases the number of received packets, i.e., decreases the number of dropped packets, in many-core NIDS. Specifically, by integrating an open source NIDS, i.e. Bro, with STEAL, we show that even under the attack-dominant traffic and many signatures, STEAL can rapidly improve the performance of many-core NIDS to realize the high-speed intrusion detection.