Piranha + Cuckoo Snort NIDS

Network Intrusion Detection Systems (NIDSs) provide an important security function to defend network attacks. As network speeds and workloads increase, it is important for NIDSs to be highly effcient. Most NIDSs must check for thousands of known attack patterns in every packet, making pattern matching the most expensive part of signature-based NIDSs in terms of processing and memory resources. Piranha+ Cuckoo Snort combines filltering of Piranha and hashing of Cuckoo together. Especially the matching speed is faster up to 29% than that of Piranha. In this paper, we first introduce the background of Snort NIDS, Piranha, Cuckoo hashing and then present the experimental results. We then discuss the results and finally draw conclusions.