
Performance Comparison and Detection Analysis in Snort and Suricata Environment

Published in: Wireless Personal Communications

Abstract

Recently, crimes are committed on the internet by hacking that targets the finances of individuals and companies. Because of the massive number of crimes caused by digital convergence and ubiquitous IT systems, it is clear that the volume of network packets that must be processed is rising. Digital convergence and ubiquitous IT systems require an IDS (Intrusion Detection System) to process more packets than in the past. Snort (version 2.x) is a leading open source IDS with a long history, but since it was built a long time ago it has several limitations that do not fit today's requirements; for example, its processing unit is single-threaded. Suricata, on the other hand, was built to cover these disadvantages of Snort. To handle the massive number of packets caused by digital convergence and ubiquitous IT systems, Suricata is able to process packets in a multi-threaded environment. In this paper we analyze and compare the processing and detection rates of Snort and Suricata to decide which is better in a single-threaded or multi-threaded environment.


[Figures 1–13: captions not available in this preview]



Author information

Corresponding author: Seongjin Ahn.


About this article


Cite this article

Park, W., Ahn, S. Performance Comparison and Detection Analysis in Snort and Suricata Environment. Wireless Pers Commun 94, 241–252 (2017). https://doi.org/10.1007/s11277-016-3209-9


  • DOI: https://doi.org/10.1007/s11277-016-3209-9
