Abstract:
With the rapid increase of network bandwidth and the growing variety of Internet applications, the backbone network intrusion detection systems (B-NIDS) meet the great requirements of delivering higher performance and enhancing effectiveness according to different features of network streams. Computing is entering a new phase in which CPU improvements are driven by the addition of multiple cores on a single chip, rather than higher frequencies. Parallel processing on these systems is in a primitive stage, and the parallelization of a sequential B-NIDS requires the explicit use and knowledge of underlying thread architecture. In this paper the bottleneck of the thread synchronization using fine-grained lock operations is discovered, and the new synchronization mechanism with no contention for shared structures is proposed based on the characteristics of data flow. Then a pipelining programming model of multithreading system with three contexts is issued, and the differential service for streams is implemented with the multiple weighed queues. In performance evaluation, the optimized system shows much better performance in three aspects of resource utilization, throughput, and response time on 8 core server. The improved system with the proposed synchronization mechanism shows good scalability. The processing capability on tested server can exceed over 1Gbps traffic flow. Also the multiple weighed queues for service quality introduce little latency, and a kind of probe-based sampling test shows that the response times of prioritized streams are shorter than those of non-prioritized.