A comparative paper on measuring the performance of snort and suricata with variable packet sizes and speed

  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract

    This survey paper focuses mainly on comparing the performance of free open-source IDS tools like snort and Suricata, for identifying malignant activities on HIDS. Among the existing intrusion detection tools, Snort is one of the best free open-source tools and for over a decade it is the most widely used tool in the computing industry. The objective of Suricata is to offer signature-based intrusion detection and the latest version is released in the year 2018. Suricata is combined with the latest advancements in recent technology such as multi-threading of the process in order to get better processing rate. We evaluated the processing speed, consumption of memory, and accuracy. We observed in the process of handling a larger amount of network traffic data Suricata has shown better results when compared with Snort and both tools have registered with like accuracy.


  • Keywords

    Snort; Suricata; Intrusion Detection System; TCP; UDP.

  • References

      [1] Fossl, M. (2011). Symantec Internet security threat ReportTrends for 2010.Symantec Corp.

      [2] DOROTHY E. DENNING, an Intrusion-Detection Model, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. SE-13, NO. 2, FEBRUARY 1987, 222-232.

      [3] Suricata Vs Snort (2012), “Suricata-vs-snort”, [Online] Available: http:// www.aldeid.com /wiki/Suricata-vs-snort.

      [4] K. Scarfone, P. Mell, “Guide to Intrusion Detection and Prevention Systems (IDPS)”. Computer Security Resource Center (National Institute of Standards and Technology). February 2007.

      [5] A. Chittur, “Model Generation for an Intrusion Detection System Using Genetic Algorithms”.January 2005.

      [6] David J.Day, Benjamin M.Burns. (2011),“A Performance Analysis of Snort and Suricata Network Intrusion Detection and Prevention Engines” The Fifth International Conference on Digital Society, 2011, pp.1-4.

      [7] Qing-Xiu Wu.,“The Network Protocol Analysis Technique in Snort”, International Conference on Solid State Devices and Materials Science, 2012, pp.1-4. https://doi.org/10.1016/j.phpro.2012.03.224.

      [8] Adeeb Alhomoud, Rashid Munir, Jules Pagna Disso, Irfan Awan, Al-Dhelaan, 2011,“Performance Evaluation Study of Intrusion Detection Systems”, The 2nd International Conference on Ambiems, Networks, and Technologies, 2011. Pp.1-4.

      [9] Snort (2011). “Snort”, [Online] Available: http://www.snort. org.

      [10] Snort Software (2012),“Snort (software)”, [Online] Available: en.wikipedia.org/wiki/Snort_ (software).

      [11] Richard Bejtlich, “The Tao of Network Security Monitoring”, Addison-Wesley, 2004.

      [12] Packet Loss (2011), “Packet loss”, [Online] Available: HTTP:// www.nessoft.com/kb/42.

      [13] Suricata ids. URL: http://www.openinfosecfoundation.org, 2011.




Article ID: 20985
DOI: 10.14419/ijet.v8i1.20985

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.