dc.contributor.author | Amad Talat, 01-245172-002 | |
dc.date.accessioned | 2020-12-18T03:50:09Z | |
dc.date.available | 2020-12-18T03:50:09Z | |
dc.date.issued | 2019 | |
dc.identifier.uri | http://hdl.handle.net/123456789/10546 | |
dc.description | Supervised by Dr. Faisal Bashir | en_US |
dc.description.abstract | The art of protecting a network from unauthorized access, and preventing such access, is commonly known as network security. Packet capturing is the most significant component in securing an internet network. However, due to the frequent surge in the development of network technologies, packet capturing is a crucial task. In this context, a performance evaluation of the most frequently utilized packet capturing libraries, i.e. 1) libpcap, 2) AF_Packet and 3) PF_RING, has been performed on a single-core architecture using the open source SNORT IDS running on the Ubuntu 16.04 operating system. Based on the evaluation, it has been found that PF_RING outperforms libpcap and AF_Packet in terms of packet capturing. The conventional open source IDS, i.e. SNORT, contains a data acquisition (DAQ) module for packet capturing. The DAQ module in SNORT operates only with the libpcap and AF_Packet libraries. In the proposed work, SNORT has been integrated with PF_RING for efficient packet capturing. In addition to the integration of SNORT with PF_RING, a multicore architecture is introduced for efficient packet processing. The multicore architecture consists of two components: 1) a packet capturing component and 2) a hash-based traffic distributor. The use of a hash-based traffic distributor in the proposed multicore architecture determines the novelty of this work. The packet capturing component uses PF_RING for efficient packet capturing, while the hash-based packet distributor component uses an IP HASH mechanism (hash functions) to distribute incoming traffic among multiple queues. Normally, each queue (data structure) is used for packet reception from the hash-based distributor. In the proposed architecture, each queue is integrated with a separate core and a separate SNORT instance for efficient packet processing. The proposed multicore architecture is evaluated on a Linux-based (Ubuntu 16.04) operating system. For packet generation, OSTINATO (a packet generation tool/software) has been used, running on the Windows operating system. Detailed empirical analysis shows that the proposed hash function uniformly uses all available system cores and increases packet reception and processing speed. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Bahria University Islamabad Campus | en_US |
dc.relation.ispartofseries | MS (T&N);T-8878 | |
dc.subject | Social Science | en_US |
dc.title | Packet capturing and processing for high speed networks | en_US |
dc.type | MS Thesis | en_US |