论文信息 - A Comparative Analysis of the Snort and Suricata Intrusion-Detection Systems

A Comparative Analysis of the Snort and Suricata Intrusion-Detection Systems

Abstract : Our research focuses on comparing the performance of two open-source intrusion-detection systems, Snort and Suricata, for detecting malicious activity on computer networks. Snort, the de-facto industry standard open-source solution, is a mature product that has been available for over a decade. Suricata, released two years ago, offers a new approach to signature-based intrusion detection and takes advantage of current technology such as process multithreading to improve processing speed. We ran each product on a multi-core computer and evaluated several hours of network traffic on the NPS backbone. We evaluated the speed, memory requirements, and accuracy of the detection engines in a variety of experiments. We conclude that Suricata will be able to handle larger volumes of traffic than Snort with similar accuracy, and thus recommend it for future needs at NPS since the Snort installation is approaching its bandwidth limits.

Eugene Albin

[1] Gabriel Maciá-Fernández,et al. Anomaly-based network intrusion detection: Techniques, systems and challenges , 2009, Comput. Secur..

[2] David J. Day,et al. A performance analysis of Snort and Suricata Network Intrusion Detection and Prevention Engines , 2011, ICDS 2011.

[3] Thomas Tenhunen. Implementing an Intrusion Detection System in the Mysea Architecture , 2008 .

[4] Gaurav Kumar,et al. Spectrum of Effective Security Trust Architecture to Manage the Interception of Packet Transmission in Value Added Networks , 2011 .

[5] Gordon E. Moore. Cramming more components onto integrated circuits With unit cost falling as the number of components per circuit rises , by 1975 economics may dictate squeezing as many as 65 , 000 components on a single silicon chip , .

[6] Mark Fabro,et al. Control Systems Cyber Security: Defense-in-Depth Strategies , 2006 .