A performance analysis of Snort and Suricata Network Intrusion Detection and Prevention Engines

DAY, David (2011). A performance analysis of Snort and Suricata Network Intrusion Detection and Prevention Engines. In: ICDS 2011, The Fifth International Conference on Digital Society. IARIA, 187-192.

Full text not available from this repository.
Official URL: http://www.thinkmind.org/index.php?view=article&ar...

    Abstract

    Recently, there has been a shift to multi-core processors and consequently to multithreaded application design. Multithreaded Network Intrusion Detection and Prevention Systems (NIDPS) are now being considered. Suricata is a multithreaded open source NIDPS, being developed via the Open Information Security Forum (OISF). It is increasing in popularity, as it is free to use under the General Public Licence (GPL), with open source code. This paper describes an experiment, comprising a series of innovative tests, to establish whether Suricata shows an increase in accuracy and system performance over the de facto standard, single-threaded NIDPS Snort. Results indicate that Snort has a lower system overhead than Suricata and this translates to fewer false negatives when utilising a single-core, stressed environment. However, Suricata is shown to be more accurate in environments where multi-cores are available. Suricata is shown to be scalable through increased performance when running on four cores; however, even when running on four cores its ability to process a 2Mb pcap file is still less than Snort's. In this regard, there is no benefit to utilising multi-cores when running a single instance of Snort.

    Item Type: Book Section
    Additional Information: Conference held Gosier, Guadeloupe, France. Feb. 23, 2011 to Feb. 28, 2011
    Research Institute, Centre or Group - Does NOT include content added after October 2018: Cultural Communication and Computing Research Institute > Communication and Computing Research Centre
    Departments - Does NOT include content added after October 2018: Faculty of Science, Technology and Arts > Department of Computing
    Page Range: 187-192
    Depositing User: David Day
    Date Deposited: 31 May 2012 09:42
    Last Modified: 09 Nov 2016 15:49
    URI: http://shura.shu.ac.uk/id/eprint/5241
