NexComm 2016
February 21 - 25, 2016 - Lisbon, Portugal

ComputationWorld 2016
March 20 - 24, 2016 - Rome, Italy

DigitalWorld 2016
April 24 - 28, 2016 - Venice, Italy

DataSys 2016
May 22 - 26, 2016 - Valencia, Spain

InfoSys 2016
June 26 - 30, 2016 - Lisbon, Portugal

BioSciencesWorld 2016
June 26 - 30, 2016 - Lisbon, Portugal

NexTech 2016
October 9 - 13, 2016 - Venice
, Italy


ThinkMind // ICDS 2011, The Fifth International Conference on Digital Society // View article icds_2011_7_40_90007

A Performance Analysis of Snort and Suricata Network Intrusion Detection and Prevention Engines

David Day
Benjamin Burns

Keywords: snort; suricata; performance; NIDS; NIDPS;

Recently, there has been shift to multi-core processors and consequently multithreaded application design. Multithreaded Network Intrusion Detection and Prevention Systems (NIDPS) are now being considered. Suricata is a multithreaded open source NIDPS, being developed via the Open Information Security Forum(OISF). It is increasing in popularity, as it free to use under the General Public Licence (GPL), with open source code. This paper describes an experiment, comprising of a series of innovative tests to establish whether Suricata shows an increase in accuracy and system performance over the de facto standard, single threaded NIDPS Snort. Results indicate that Snort has a lower system overhead than Suricata and this translates to fewer false negatives utilising a single core, stressed environment. However, Suricata is shown to be more accurate in environments where multi-cores are available. Suricata is shown to be scalable through increased performance when running on four cores; however, even when running on four cores its ability to process a 2Mb pcap file is still less than Snort. In this regard, there is no benefit to utilising multi-cores whenrunning a single instance of Snort.

Pages: 187 to 192

Copyright: Copyright (c) IARIA, 2011

Publication date: February 23, 2011

Published in: conference

ISSN: 2308-3956

ISBN: 978-1-61208-116-8

Location: Gosier, Guadeloupe, France

Dates: from February 23, 2011 to February 28, 2011

2010 - 2014 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.