Boosting throughput of Snort NIDS under Linux

Salah, Khaled; Qahtan, Abdullah

doi:10.1109/innovations.2008.4781733

Cited by 11 publications

(3 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They examine the performance of both systems as they scale system resources such as the number of CPU cores, the rule sets used and the workloads processed. There are other works that looks at measuring the intrusion detection capability as in [20], tweaking IDS performance as in [21], parallel design of IDS on many-core processors as in [22], an approach for unifying rule based deep packet inspection as in [23], a Better Snort Intrusion Detection/Prevention System (BSnort) that uses Aho-Corasick automaton as in [24], improving the accuracy of network intrusion detection systems as in [25], boosting throughput of Snort NIDS under Linux as in [26], evaluation studies of three IDS under various attacks and rule sets as in [27] etc.…”

Section: Related Work On Performance Comparisonmentioning

confidence: 99%

Performance comparison of intrusion detection systems and application of machine learning to Snort system

Shah

Issac

2018

Future Generation Computer Systems

163

View full text Add to dashboard Cite

This study investigates the performance of two open source intrusion detection systems (IDSs) namely Snort and Suricata for accurately detecting the malicious traffic on computer networks. Snort and Suricata were installed on two different but identical computers and the performance was evaluated at 10 Gbps network speed. It was noted that Suricata could process a higher speed of network traffic than Snort with lower packet drop rate but it consumed higher computational resources. Snort had higher detection accuracy and was thus selected for further experiments. It was observed that Snort triggered a high rate of false positive alarms. To solve this problem a Snort adaptive plug-in was developed. To select the best performing algorithm for the Snort adaptive plug-in, an empirical study was carried out with different learning algorithms and Support Vector Machine (SVM) was selected. A hybrid version of SVM and Fuzzy logic produced a better detection accuracy. But the best result was achieved using an optimized SVM with the firefly algorithm with FPR (false positive rate) as 8.6% and FNR (false negative rate) as 2.2%, which is a good result. The novelty of this work is the performance comparison of two IDSs at 10 Gbps and the application of hybrid and optimized machine learning algorithms to Snort.

show abstract

Section: Related Work On Performance Comparisonmentioning

confidence: 99%

Performance comparison of intrusion detection systems and application of machine learning to Snort system

Shah

Issac

2018

Future Generation Computer Systems

163

View full text Add to dashboard Cite

show abstract

“…The significant ones are as under: frag3, stream5, http_inspect, ftp_telnet, smtp, sfportscan, arpspoof, ssh, dns, imap, pop and reputation. The description of each of the preprocessor is very wide and beyond the scope of this research paper [5], [7]. …”

Section:  Packet Decodermentioning

confidence: 99%

“…One thing must be kept in notice before going further path names must be carefully learnt throughout the installation process and this tool management. The rest of installation is more or less same like the previous installation of the libdnet package [7], [11]. The snort is installed in /etc/snort directory.…”

Section: Snort Installationmentioning

confidence: 99%

The Implementation and Assessment of Snort Capabilities

Goel¹,

Vasishtha²

2017

IJCA

View full text Add to dashboard Cite

The attacks on computer networks are not a new deal. In general except for financial institutions and military or intelligence organizations nobody bothers about it. But in recent times it is being observing that it effects much more than the said calculations. Assuming that somebody (attacker) blocked the access of particular seller's website at peak times then it results that his customer would like to choose another seller's website whose outcome may result to tremendous loss of permanent seller. Likewise, there are many instances where the impact on network attacks has been observed from top notch to common people. Snort has emerged as a powerful solution to those organizations that could not spent much on purchasing licensed intrusion detection and prevention system as snort is free ware. This paper is aiding to popularize the techniques that can help everybody to identify and prevent from these attacks. The discussed medium in this paper is SNORT, an open source and powerful network intrusion detection and prevention tool.

show abstract