Performance evaluation comparison of Snort NIDS under Linux and Windows Server

“…An open-source "Snort"-based NIDS, i.e., S-NIDS, has recently emerged as a solution to protect the networks from various possible intrusions and attacks [10,12,18,21,22]. Snort uses a number of pattern matching algorithms such as Aho-Corasick, modified Wu-Manber and low memory key-word trie (lowmem) [23].…”

“…Snort uses a number of pattern matching algorithms such as Aho-Corasick, modified Wu-Manber and low memory key-word trie (lowmem) [23]. However, the most important and well-known fact is that the S-NIDS drops packets significantly when dealing with either a large amount of traffic, high speed or large packet size [12][13][14]18].…”

“…Specific technologies and methodologies were investigated in [24][25][26] to detect network attacks in real time by manipulating the S-NIDS for high-speed and heavy-traffic networks. A hybrid based NIDS combining network and host based IDS was evaluated in [12] using Linux OS against heavy and light incoming traffic with a network speed of 100 Mbps. Furthermore, a parallel technique for improving the NIDS performance was proposed in [27] with different parallelism levels and was then evaluated in [26] for TCP packets in both heavy and light incoming traffic.…”

“…Snort can be configured as either of the following: (i) a Packet Sniffer: Snort captures incoming and outgoing packets from the network and displays the packet details on the console; (ii) a Packet Logger: Snort captures and logs captured packet details in a text file; (iii) a Honeypot Monitor: Snort is able to deceive the hostile party; and (iv) a Network Intrusion Detection System (NIDS): Snort analyses the incoming and outgoing traffic against a set of rules to detect any intrusion in the network. Snort-based NIDS (S-NIDS) has been employed to protect the networks from various possible intrusions and attacks [10,12]. Despite its efficiency in enhancing the network security, the S-NIDS has been shown to perform well when the internet speed is slow with low load [12,13].…”

“…Snort-based NIDS (S-NIDS) has been employed to protect the networks from various possible intrusions and attacks [10,12]. Despite its efficiency in enhancing the network security, the S-NIDS has been shown to perform well when the internet speed is slow with low load [12,13]. However, with advanced technologies, the data rate keeps increasing and the network load becomes heavier in order to provide multiple services with multiple functionalities.…”

A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

“…An open-source "Snort"-based NIDS, i.e., S-NIDS, has recently emerged as a solution to protect the networks from various possible intrusions and attacks [10,12,18,21,22]. Snort uses a number of pattern matching algorithms such as Aho-Corasick, modified Wu-Manber and low memory key-word trie (lowmem) [23].…”

“…Snort uses a number of pattern matching algorithms such as Aho-Corasick, modified Wu-Manber and low memory key-word trie (lowmem) [23]. However, the most important and well-known fact is that the S-NIDS drops packets significantly when dealing with either a large amount of traffic, high speed or large packet size [12][13][14]18].…”

“…Specific technologies and methodologies were investigated in [24][25][26] to detect network attacks in real time by manipulating the S-NIDS for high-speed and heavy-traffic networks. A hybrid based NIDS combining network and host based IDS was evaluated in [12] using Linux OS against heavy and light incoming traffic with a network speed of 100 Mbps. Furthermore, a parallel technique for improving the NIDS performance was proposed in [27] with different parallelism levels and was then evaluated in [26] for TCP packets in both heavy and light incoming traffic.…”

“…Snort can be configured as either of the following: (i) a Packet Sniffer: Snort captures incoming and outgoing packets from the network and displays the packet details on the console; (ii) a Packet Logger: Snort captures and logs captured packet details in a text file; (iii) a Honeypot Monitor: Snort is able to deceive the hostile party; and (iv) a Network Intrusion Detection System (NIDS): Snort analyses the incoming and outgoing traffic against a set of rules to detect any intrusion in the network. Snort-based NIDS (S-NIDS) has been employed to protect the networks from various possible intrusions and attacks [10,12]. Despite its efficiency in enhancing the network security, the S-NIDS has been shown to perform well when the internet speed is slow with low load [12,13].…”

“…Snort-based NIDS (S-NIDS) has been employed to protect the networks from various possible intrusions and attacks [10,12]. Despite its efficiency in enhancing the network security, the S-NIDS has been shown to perform well when the internet speed is slow with low load [12,13]. However, with advanced technologies, the data rate keeps increasing and the network load becomes heavier in order to provide multiple services with multiple functionalities.…”

A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

Network Packet Analysis in Real Time Traffic and Study of Snort IDS During the Variants of DoS Attacks

Performance Analysis of Intrusion Detection Systems in Cloud-Based Systems