
Development Notes: Processing 69000 Snort IDS Alerts

69000 Clustered IDS Alerts

Development Notes:

IDS Alerts File Size:                25,017,833 Bytes
IDS Alerts:                              69,094
Nodes:                                    4,251        Note 1
Edges:                                    4,250
JSON File Size:                       1,364,645 Bytes
Time to Create XML FDG (16-core):     ~ 8 minutes      Note 2,4
Time to Create XML FDG (8-core):      ~ 4 minutes      Note 3,4
XML File Size:                        1,456,577 Bytes  Note 4

Notes:

1. 69,094 Alerts Clustered into 4,251 Nodes
2. 16 Core AMD Opteron(tm) Processor 6128, 64 GB RAM
3. 8 Core AMD Opteron(tm) Processor 3280, 32 GB RAM
4. Coordinates Added in Force-Directed Graph Process

Brief Discussion:

Run-time performance in the visualization engine slowed down significantly when raycasting was enabled for every node. Performance improves dramatically when raycasting is disabled for low-priority nodes, so only the nodes an analyst is likely to inspect stay pickable.

Back-end benchmark tests will continue until we reach 100,000 IDS alerts.

Also, the FDG process will be moved to the 8 Core AMD Opteron(tm) Processor 3280 server, since it is processing the graph about twice as fast (it is less busy).
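The back-end step the numbers above describe, alerts in, clustered node/edge JSON out, as an added example that is not the author's pipeline. It assumes Snort's alert_fast text format with IPv4 addresses, and it assumes a clustering key of (signature, source IP, destination IP); the page does not state what key was used. The tree it builds (root, one node per signature, one leaf per cluster) always has one more node than edges, the same shape as the 4,251/4,250 figures, and each node carries a priority and a count so the front end can decide which nodes keep raycasting enabled. The sample alert lines are constructed, not captured traffic.

```python
"""Cluster Snort alert_fast lines into a node/edge tree and emit it as JSON.

Added example; not the page author's code. Assumed: alert_fast format, IPv4,
clustering key (signature, src IP, dst IP). Tree: root -> signature -> cluster.
"""
import json
import re

# One alert_fast line (assumed layout):
# MM/DD-HH:MM:SS.us  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:sport -> dst:dport
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample input (not real traffic): five alerts plus one junk line.
SAMPLE_ALERTS = """\
08/10-16:21:05.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234
08/10-16:21:06.001122  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51240
08/10-16:21:09.445566  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.6:40001
08/10-16:22:00.000001  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 10.0.0.7 -> 10.0.0.5
08/10-16:22:00.000002  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 10.0.0.7 -> 10.0.0.5
this line is not a snort alert and is skipped
"""


def parse_alert(line):
    """Parse one alert_fast line; return a dict of fields, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    a = m.groupdict()
    a["prio"] = int(a["prio"])  # Snort priority: 1 is the most severe, 4 the least
    return a


def build_graph(lines):
    """Cluster alerts into a tree; return {"nodes", "edges", "alerts", "skipped"}."""
    sigs = {}      # sid -> {"msg", "count", "prio"}
    clusters = {}  # (sid, src, dst) -> {"count", "prio"}
    total = skipped = 0
    for line in lines:
        a = parse_alert(line)
        if a is None:
            skipped += 1  # malformed lines are counted rather than silently dropped
            continue
        total += 1
        s = sigs.setdefault(a["sid"], {"msg": a["msg"], "count": 0, "prio": a["prio"]})
        s["count"] += 1
        s["prio"] = min(s["prio"], a["prio"])  # a node inherits its most severe alert
        c = clusters.setdefault((a["sid"], a["src"], a["dst"]), {"count": 0, "prio": a["prio"]})
        c["count"] += 1
        c["prio"] = min(c["prio"], a["prio"])

    # The root summarises everything; priority 4 (Snort's lowest) if there are no alerts.
    root_prio = min((s["prio"] for s in sigs.values()), default=4)
    nodes = [{"id": "root", "label": "alerts", "count": total, "prio": root_prio}]
    edges = []
    for sid, s in sorted(sigs.items()):
        sig_id = "sig:%s" % sid
        nodes.append({"id": sig_id, "label": s["msg"], "count": s["count"], "prio": s["prio"]})
        edges.append({"source": "root", "target": sig_id})
    for (sid, src, dst), c in sorted(clusters.items()):
        cl_id = "cl:%s:%s>%s" % (sid, src, dst)
        nodes.append({"id": cl_id, "label": "%s -> %s" % (src, dst), "count": c["count"], "prio": c["prio"]})
        edges.append({"source": "sig:%s" % sid, "target": cl_id})
    return {"nodes": nodes, "edges": edges, "alerts": total, "skipped": skipped}


def raycast_ids(graph, max_prio=2):
    """IDs of nodes worth keeping raycast-enabled: priority max_prio or more severe."""
    return [n["id"] for n in graph["nodes"] if n["prio"] <= max_prio]


def to_json(graph):
    """Serialise the graph compactly for the force-directed-graph stage."""
    return json.dumps(graph, separators=(",", ":"), sort_keys=True)


if __name__ == "__main__":
    g = build_graph(SAMPLE_ALERTS.splitlines())
    print("alerts=%d skipped=%d nodes=%d edges=%d" % (g["alerts"], g["skipped"], len(g["nodes"]), len(g["edges"])))
    print("raycast-enabled:", raycast_ids(g))
    print(to_json(g))
```

Run it on a real alert file with `build_graph(open("alert").readlines())`; the `skipped` count is the check that the regex matches your Snort version's output before trusting the node totals. Taking the minimum priority per node, rather than the average, is deliberate: one priority-1 alert buried among hundreds of priority-3 alerts should still leave its cluster pickable in the viewer.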