A comparative paper on measuring the performance of snort and suricata with variable packet sizes and speed
2019-01-27 https://doi.org/10.14419/ijet.v8i1.20985
Keywords: Snort, Suricata, Intrusion Detection System, TCP, UDP.
Abstract
This survey paper focuses mainly on comparing the performance of free open-source IDS tools such as Snort and Suricata in identifying malicious activities on HIDS. Among the existing intrusion detection tools, Snort is one of the best free open-source tools, and for over a decade it has been the most widely used tool in the computing industry. The objective of Suricata is to offer signature-based intrusion detection, and its latest version was released in 2018. Suricata incorporates recent technological advances, such as multi-threaded processing, to achieve a better processing rate. We evaluated processing speed, memory consumption, and accuracy. We observed that when handling larger amounts of network traffic, Suricata showed better results than Snort, and both tools registered similar accuracy.
How to Cite
Naga Surya Lakshmi, M., & Y. Radhika, D. (2019). A comparative paper on measuring the performance of snort and suricata with variable packet sizes and speed. International Journal of Engineering & Technology, 8(1), 53-58. https://doi.org/10.14419/ijet.v8i1.20985
Received date: 2018-10-04
Accepted date: 2018-12-08
Published date: 2019-01-27