Performance Comparison and Detection Analysis in Snort and Suricata Environment.

Park, Wonhyung; Ahn, Seongjin

Recently, crimes are cause in the internet by hacking to target one's and the companies financial. Due to the massive crimes that are caused by digital convergence and ubiquitous IT system, it is clear that the amount of network packet which need to be processed are rising. The digital convergence and ubiquitous IT system caused the IDS (Intrusion Detection System) to process packets more than the past. Snort (version 2.x) is a leading open source IDS which has a long history but since it was built a long time ago, it has several limitations which are not fit for today's requirements. Such as, it's processing unit is in single threading. On the other hand, Suricara was built to cover Snorts these disadvantages. To cover massive amount of packets which are caused by digital convergence and ubiquitous IT system Suricata's have the availability to process packets in multi-threading environment. In this paper we have analyzed and compared Snort and Suricata's processing and detection rate to decide which is better in single threading or multi-threading environment.

INTRUSION detection systems (Computer security); STOCHASTIC convergence; COMPUTER crimes; UBIQUITOUS computing; INFORMATION technology; COMPUTER hacking

Wireless Personal Communications, 2017, Vol 94, Issue 2, p241

0929-6212

Academic Journal

10.1007/s11277-016-3209-9