Intrusion detection engine comparison based on Snort

Misuse-based ofintrusion detection system is decidedby the performanceof its detection engine to a large extent.For satisfying the increasing network traffic and speed,design the high performance intrusion detection engine will become an urgent mission.The principle of Snort and detection engine classification were introduced at first,and then two kinds of latest detection engines were analyzed that realized in Snort2.0 and Snort-ng.Experimental results show that the detection engine in Snort2.0 is better than Snort-ng in the aspect of speed and memory consumption,but the detection engine in the Snort-ng finds a new way to design the intrusion detection engine,using as intrusion detection engine in the next generation Snort,which needs continuously perfect.