COMPARATIVE PERFORMANCE EVALUATION OF INTRUSION DETECTION SYSTEM: SURICATA AND SNORT

[ 30 Jun 2021 | vol. 15 | no. 2 | pp. 23-32 ]

About Authors:

Abdelkarim Ben Charke1*, Mohamed Fakir2 and Mohamed Chabi1
- 1 Laboratory of Mathematics and Applications, Sultan Moulay Slimane University, Beni Mellal, Morocco
- 2 Laboratory of Information Processing and Decision Support, Sultan Moulay Slimane University, Beni Mellal, Morocco

Abstract:

This article examines the problem of comparative performance evaluation of intrusion detection systems. We propose an evaluation model and use it to evaluate the performance of two open source intrusion detection systems (IDS), namely Snort and Suricata, in accurately detecting malicious traffic on computer networks. Snort, the industry standard open source solution, is a mature product that was available before Suricata. Suricata introduces a new approach to signature-based intrusion detection and leverages current technologies, such as multithreaded processing, to improve processing speed. We ran each product on a virtual machine with a multi-core architecture and evaluated it over several hours of network traffic on the backbone. We compared and evaluated the speed, memory requirements, and accuracy of the sensing engines in various experiments. We have shown that Suricata is able to handle larger traffic volumes than Snort with improved accuracy.

Keywords:

Intrusion Detection; Security; Suricata; Snort; Evaluation of performances; Accuracy of the Sensing Engines

 

About this Article: