A Performance Analysis of Snort and Suricata Network Intrusion Detection and Prevention Engines

Day, David; Burns, Benjamin

DataSys 2023 Congress
June 26, 2023 to June 30, 2023 - Nice, Saint-Laurent-du-Var, France

AICT 2023, The Nineteenth Advanced International Conference on Telecommunications
ICIW 2023, The Eighteenth International Conference on Internet and Web Applications and Services
ICIMP 2023, The Eighteenth International Conference on Internet Monitoring and Protection
SMART 2023, The Twelfth International Conference on Smart Cities, Systems, Devices and Technologies
IMMM 2023, The Thirteenth International Conference on Advances in Information Mining and Management
INFOCOMP 2023, The Thirteenth International Conference on Advanced Communications and Computation
MOBILITY 2023, The Thirteenth International Conference on Mobile Services, Resources, and Users
SPWID 2023, The Ninth International Conference on Smart Portable, Wearable, Implantable and Disability-oriented Devices and Systems
ACCSE 2023, The Eighth International Conference on Advances in Computation, Communications and Services

ComputationWorld 2023 Congress
June 26, 2023 to June 30, 2023 - Nice, Saint-Laurent-du-Var, France

SERVICE COMPUTATION 2023, The Fifteenth International Conference on Advanced Service Computing
CLOUD COMPUTING 2023, The Fourteenth International Conference on Cloud Computing, GRIDs, and Virtualization
FUTURE COMPUTING 2023, The Fifteenth International Conference on Future Computational Technologies and Applications
COGNITIVE 2023, The Fifteenth International Conference on Advanced Cognitive Technologies and Applications
ADAPTIVE 2023, The Fifteenth International Conference on Adaptive and Self-Adaptive Systems and Applications
CONTENT 2023, The Fifteenth International Conference on Creative Content Technologies
PATTERNS 2023, The Fifteenth International Conference on Pervasive Patterns and Applications
COMPUTATION TOOLS 2023, The Fourteenth International Conference on Computational Logics, Algebras, Programming, Tools, and Benchmarking
BUSTECH 2023, The Thirteenth International Conference on Business Intelligence and Technology

NetWare 2023 Congress
September 25, 2023 to September 29, 2023 - Porto, Portugal

SENSORCOMM 2023, The Seventeenth International Conference on Sensor Technologies and Applications
SENSORDEVICES 2023, The Fourteenth International Conference on Sensor Device Technologies and Applications
SECURWARE 2023, The Seventeenth International Conference on Emerging Security Information, Systems and Technologies
AFIN 2023, The Fifteenth International Conference on Advances in Future Internet
CENICS 2023, The Sixteenth International Conference on Advances in Circuits, Electronics and Micro-electronics
ICQNM 2023, The Seventeenth International Conference on Quantum, Nano/Bio, and Micro Technologies
FASSI 2023, The Ninth International Conference on Fundamentals and Advances in Software Systems Integration
GREEN 2023, The Eighth International Conference on Green Communications, Computing and Technologies

NexTech 2023 Congress
September 25, 2023 to September 29, 2023 - Porto, Portugal

UBICOMM 2023, The Seventeenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
ADVCOMP 2023, The Seventeenth International Conference on Advanced Engineering Computing and Applications in Sciences
SEMAPRO 2023, The Seventeenth International Conference on Advances in Semantic Processing
AMBIENT 2023, The Thirteenth International Conference on Ambient Computing, Applications, Services and Technologies
EMERGING 2023, The Fifteenth International Conference on Emerging Networks and Systems Intelligence
DATA ANALYTICS 2023, The Twelfth International Conference on Data Analytics
GLOBAL HEALTH 2023, The Twelfth International Conference on Global Health Challenges
CYBER 2023, The Eighth International Conference on Cyber-Technologies and Cyber-Systems

TrendNews 2023 Congress
September 25, 2023 to September 29, 2023 - Porto, Portugal

CORETA 2023, Advances on Core Technologies and Applications
DIGITAL 2023, Advances on Societal Digital Transformation

SocSys 2023 Congress
November 13, 2023 to November 17, 2023 - Valencia, Spain

PANDEMICS ANALYTICS 2023, International Conference on Pandemics Analytics
PREDICTION SOLUTIONS 2023, International Conference on Prediction Solutions for Technical and Societal Systems
SOCIETY TRENDS 2023, International Conference on Technical Advances and Human Consequences
MODERN SYSTEMS 2023, International Conference of Modern Systems Engineering Solutions

SoftNet 2023 Congress
November 13, 2023 to November 17, 2023 - Valencia, Spain

ICSEA 2023, The Eighteenth International Conference on Software Engineering Advances
ICSNC 2023, The Eighteenth International Conference on Systems and Networks Communications
CENTRIC 2023, The Sixteenth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services
VALID 2023, The Fifteenth International Conference on Advances in System Testing and Validation Lifecycle
SIMUL 2023, The Fifteenth International Conference on Advances in System Simulation
SOTICS 2023, The Thirteenth International Conference on Social Media Technologies, Communication, and Informatics
INNOV 2023, The Twelfth International Conference on Communications, Computation, Networks and Technologies
HEALTHINFO 2023, The Eighth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing

IARIA Congress 2023, The 2023 IARIA Annual Congress on Frontiers in Science, Technology, Services, and Applications
November 13, 2023 to November 17, 2023 - Valencia, Spain

ThinkMind // ICDS 2011, The Fifth International Conference on Digital Society // View article icds_2011_7_40_90007

A Performance Analysis of Snort and Suricata Network Intrusion Detection and Prevention Engines

Authors:
David Day
Benjamin Burns

Keywords: snort; suricata; performance; NIDS; NIDPS;

Abstract:
Recently, there has been shift to multi-core processors and consequently multithreaded application design. Multithreaded Network Intrusion Detection and Prevention Systems (NIDPS) are now being considered. Suricata is a multithreaded open source NIDPS, being developed via the Open Information Security Forum(OISF). It is increasing in popularity, as it free to use under the General Public Licence (GPL), with open source code. This paper describes an experiment, comprising of a series of innovative tests to establish whether Suricata shows an increase in accuracy and system performance over the de facto standard, single threaded NIDPS Snort. Results indicate that Snort has a lower system overhead than Suricata and this translates to fewer false negatives utilising a single core, stressed environment. However, Suricata is shown to be more accurate in environments where multi-cores are available. Suricata is shown to be scalable through increased performance when running on four cores; however, even when running on four cores its ability to process a 2Mb pcap file is still less than Snort. In this regard, there is no benefit to utilising multi-cores whenrunning a single instance of Snort.

Pages: 187 to 192

Publication date: February 23, 2011

Published in: conference

ISSN: 2308-3956

ISBN: 978-1-61208-116-8

Location: Gosier, Guadeloupe, France

Dates: from February 23, 2011 to February 28, 2011

SERVICES