ThinkMind // ICDS 2011, The Fifth International Conference on Digital Society // View article icds_2011_7_40_90007


A Performance Analysis of Snort and Suricata Network Intrusion Detection and Prevention Engines

Authors:
David Day
Benjamin Burns

Keywords: snort; suricata; performance; NIDS; NIDPS;

Abstract:
Recently, there has been a shift to multi-core processors and consequently to multithreaded application design. Multithreaded Network Intrusion Detection and Prevention Systems (NIDPS) are now being considered. Suricata is a multithreaded open source NIDPS, being developed via the Open Information Security Forum (OISF). It is increasing in popularity, as it is free to use under the General Public Licence (GPL), with open source code. This paper describes an experiment, comprising a series of innovative tests to establish whether Suricata shows an increase in accuracy and system performance over the de facto standard, single-threaded NIDPS Snort. Results indicate that Snort has a lower system overhead than Suricata and this translates to fewer false negatives in a single-core, stressed environment. However, Suricata is shown to be more accurate in environments where multi-cores are available. Suricata is shown to be scalable through increased performance when running on four cores; however, even when running on four cores its ability to process a 2Mb pcap file is still less than Snort. In this regard, there is no benefit to utilising multi-cores when running a single instance of Snort.

Pages: 187 to 192

Copyright: Copyright (c) IARIA, 2011

Publication date: February 23, 2011

Published in: conference

ISSN: 2308-3956

ISBN: 978-1-61208-116-8

Location: Gosier, Guadeloupe, France

Dates: from February 23, 2011 to February 28, 2011
