2-Step Power Scheduling with Adaptive Control Interval for Network Intrusion Detection Systems on Multicores

Lau Phi Tuong, Keiji Kimura

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    1 Citation (Scopus)

    Abstract

    Network intrusion detection system (NIDS) is becoming an important element even in embedded systems as well as in data centers since embedded computers have been increasingly exposed to the Internet. The demand for power budget of these embedded systems is a critical issue in addition to that for performance. In this paper, we propose a technique to minimize power consumption in the NIDS called by 2-step power scheduling with the adaptive control interval. In addition, we also propose a CPU-core controlling algorithm so that our scheduling technique can preserve the performance for other applications and NIDS assuming the cases of multiplexing NIDS and them simultaneously on the same device such as a home server or a mobile platform. We implement our 2-step algorithm into Suricata, which is a popular NIDS, as well as a 1-step algorithm and a simple fixed interval algorithm for evaluations. Experimental results show that our 2-step scheduling with both the adaptive and the fixed 30-millisecond interval achieve 75% power saving comparing with the Ondemand governor and 87% comparing with the Performance governor in Linux, respectively, without affecting their performance capability on four ARM Cortex-A15 cores at the network traffic of 1,000 packets/seconds. In contrast, when the network traffic reaches to 17,000 packets/seconds, our 2-step scheduling and the Ondemand as well as the Performance governor can maintain the packet processing capacity while the fixed 30-milliseconds interval processes only 50% packets with two and three cores, and about 80% packets on four cores.

    Original languageEnglish
    Title of host publicationProceedings - IEEE 10th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages69-76
    Number of pages8
    ISBN (Electronic)9781509035304
    DOIs
    Publication statusPublished - 2016 Dec 5
    Event10th IEEE International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016 - Lyon, France
    Duration: 2016 Sep 212016 Sep 23

    Other

    Other10th IEEE International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016
    CountryFrance
    CityLyon
    Period16/9/2116/9/23

    Fingerprint

    Intrusion detection
    Scheduling
    Governors
    Embedded systems
    Multiplexing
    Program processors
    Electric power utilization
    Servers
    Internet
    Processing

    Keywords

    • Data Center
    • Dynamic Voltage Frequency Scaling (DVFS)
    • Network Intrusion Detection System (NIDS)
    • Suricata

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture

    Cite this

    Tuong, L. P., & Kimura, K. (2016). 2-Step Power Scheduling with Adaptive Control Interval for Network Intrusion Detection Systems on Multicores. In Proceedings - IEEE 10th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016 (pp. 69-76). [7774422] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/MCSoC.2016.18

    2-Step Power Scheduling with Adaptive Control Interval for Network Intrusion Detection Systems on Multicores. / Tuong, Lau Phi; Kimura, Keiji.

    Proceedings - IEEE 10th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016. Institute of Electrical and Electronics Engineers Inc., 2016. p. 69-76 7774422.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Tuong, LP & Kimura, K 2016, 2-Step Power Scheduling with Adaptive Control Interval for Network Intrusion Detection Systems on Multicores. in Proceedings - IEEE 10th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016., 7774422, Institute of Electrical and Electronics Engineers Inc., pp. 69-76, 10th IEEE International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016, Lyon, France, 16/9/21. https://doi.org/10.1109/MCSoC.2016.18
    Tuong LP, Kimura K. 2-Step Power Scheduling with Adaptive Control Interval for Network Intrusion Detection Systems on Multicores. In Proceedings - IEEE 10th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016. Institute of Electrical and Electronics Engineers Inc. 2016. p. 69-76. 7774422 https://doi.org/10.1109/MCSoC.2016.18
    Tuong, Lau Phi ; Kimura, Keiji. / 2-Step Power Scheduling with Adaptive Control Interval for Network Intrusion Detection Systems on Multicores. Proceedings - IEEE 10th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 69-76
    @inproceedings{e5f3528fca814c16a389e5757023e4f4,
    title = "2-Step Power Scheduling with Adaptive Control Interval for Network Intrusion Detection Systems on Multicores",
    abstract = "Network intrusion detection system (NIDS) is becoming an important element even in embedded systems as well as in data centers since embedded computers have been increasingly exposed to the Internet. The demand for power budget of these embedded systems is a critical issue in addition to that for performance. In this paper, we propose a technique to minimize power consumption in the NIDS called by 2-step power scheduling with the adaptive control interval. In addition, we also propose a CPU-core controlling algorithm so that our scheduling technique can preserve the performance for other applications and NIDS assuming the cases of multiplexing NIDS and them simultaneously on the same device such as a home server or a mobile platform. We implement our 2-step algorithm into Suricata, which is a popular NIDS, as well as a 1-step algorithm and a simple fixed interval algorithm for evaluations. Experimental results show that our 2-step scheduling with both the adaptive and the fixed 30-millisecond interval achieve 75{\%} power saving comparing with the Ondemand governor and 87{\%} comparing with the Performance governor in Linux, respectively, without affecting their performance capability on four ARM Cortex-A15 cores at the network traffic of 1,000 packets/seconds. In contrast, when the network traffic reaches to 17,000 packets/seconds, our 2-step scheduling and the Ondemand as well as the Performance governor can maintain the packet processing capacity while the fixed 30-milliseconds interval processes only 50{\%} packets with two and three cores, and about 80{\%} packets on four cores.",
    keywords = "Data Center, Dynamic Voltage Frequency Scaling (DVFS), Network Intrusion Detection System (NIDS), Suricata",
    author = "Tuong, {Lau Phi} and Keiji Kimura",
    year = "2016",
    month = "12",
    day = "5",
    doi = "10.1109/MCSoC.2016.18",
    language = "English",
    pages = "69--76",
    booktitle = "Proceedings - IEEE 10th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",
    address = "United States",

    }

    TY - GEN

    T1 - 2-Step Power Scheduling with Adaptive Control Interval for Network Intrusion Detection Systems on Multicores

    AU - Tuong, Lau Phi

    AU - Kimura, Keiji

    PY - 2016/12/5

    Y1 - 2016/12/5

    N2 - Network intrusion detection system (NIDS) is becoming an important element even in embedded systems as well as in data centers since embedded computers have been increasingly exposed to the Internet. The demand for power budget of these embedded systems is a critical issue in addition to that for performance. In this paper, we propose a technique to minimize power consumption in the NIDS called by 2-step power scheduling with the adaptive control interval. In addition, we also propose a CPU-core controlling algorithm so that our scheduling technique can preserve the performance for other applications and NIDS assuming the cases of multiplexing NIDS and them simultaneously on the same device such as a home server or a mobile platform. We implement our 2-step algorithm into Suricata, which is a popular NIDS, as well as a 1-step algorithm and a simple fixed interval algorithm for evaluations. Experimental results show that our 2-step scheduling with both the adaptive and the fixed 30-millisecond interval achieve 75% power saving comparing with the Ondemand governor and 87% comparing with the Performance governor in Linux, respectively, without affecting their performance capability on four ARM Cortex-A15 cores at the network traffic of 1,000 packets/seconds. In contrast, when the network traffic reaches to 17,000 packets/seconds, our 2-step scheduling and the Ondemand as well as the Performance governor can maintain the packet processing capacity while the fixed 30-milliseconds interval processes only 50% packets with two and three cores, and about 80% packets on four cores.

    AB - Network intrusion detection system (NIDS) is becoming an important element even in embedded systems as well as in data centers since embedded computers have been increasingly exposed to the Internet. The demand for power budget of these embedded systems is a critical issue in addition to that for performance. In this paper, we propose a technique to minimize power consumption in the NIDS called by 2-step power scheduling with the adaptive control interval. In addition, we also propose a CPU-core controlling algorithm so that our scheduling technique can preserve the performance for other applications and NIDS assuming the cases of multiplexing NIDS and them simultaneously on the same device such as a home server or a mobile platform. We implement our 2-step algorithm into Suricata, which is a popular NIDS, as well as a 1-step algorithm and a simple fixed interval algorithm for evaluations. Experimental results show that our 2-step scheduling with both the adaptive and the fixed 30-millisecond interval achieve 75% power saving comparing with the Ondemand governor and 87% comparing with the Performance governor in Linux, respectively, without affecting their performance capability on four ARM Cortex-A15 cores at the network traffic of 1,000 packets/seconds. In contrast, when the network traffic reaches to 17,000 packets/seconds, our 2-step scheduling and the Ondemand as well as the Performance governor can maintain the packet processing capacity while the fixed 30-milliseconds interval processes only 50% packets with two and three cores, and about 80% packets on four cores.

    KW - Data Center

    KW - Dynamic Voltage Frequency Scaling (DVFS)

    KW - Network Intrusion Detection System (NIDS)

    KW - Suricata

    UR - http://www.scopus.com/inward/record.url?scp=85010408059&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85010408059&partnerID=8YFLogxK

    U2 - 10.1109/MCSoC.2016.18

    DO - 10.1109/MCSoC.2016.18

    M3 - Conference contribution

    AN - SCOPUS:85010408059

    SP - 69

    EP - 76

    BT - Proceedings - IEEE 10th International Symposium on Embedded Multicore/Many-Core Systems-on-Chip, MCSoC 2016

    PB - Institute of Electrical and Electronics Engineers Inc.

    ER -