By Topic

QTL: An efficient scheduling policy for 10Gbps network intrusion detection system

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Bo Song ; Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China ; Weibing Yang ; Mingyu Chen ; Xiaofang Zhao
more authors

Broad network bandwidth and deep inspection impose great challenge for the capability of 10Gpbs network security monitoring. Proper scheduling policies can improve system capability without requiring additional resources. LAS, a size-based scheduling policy which can achieve optimal mean response time by giving preferential analysis to short flows, is widely used in various aspects of network field. Due to the high variability property of Internet traffic, LAS favors short flows without penalizing large flows very much. Unfortunately, the inspection of large flows can not be guaranteed in those network intrusion detection systems on 10Gbps links, which are usually heavily loaded, or even overloaded. Although tiny in percentage, large flows comprise more than 50% of the total load, and therefore can not be ignored, especially when specified by users as critical. How to avoid starving large flows while still giving higher priority to short flows is a dilemma we have to face in practice. In this paper, we propose a QoS-supported three-level scheduling policy (QTL), which can remedy LAS' defect. The experimental results show that our QTL scheduling policy has approximately the same performance as LAS for short flows, and meanwhile exhibits greatly enhanced processing capability for large flows.

Published in:

Computers and Communications (ISCC), 2010 IEEE Symposium on

Date of Conference:

22-25 June 2010