A Comparative Analysis of the Snort and Suricata Intrusion-Detection Systems

Abstract

Our research compares the performance of two open-source intrusion-detection systems, Snort and Suricata, in detecting malicious activity on computer networks. Snort, the de facto industry-standard open-source solution, is a mature product that has been available for over a decade. Suricata, released two years ago, offers a new approach to signature-based intrusion detection and takes advantage of current technology such as multithreading to improve processing speed. We ran each product on a multi-core computer and evaluated several hours of network traffic on the NPS backbone. We evaluated the speed, memory requirements, and accuracy of the detection engines in a variety of experiments. We conclude that Suricata will be able to handle larger volumes of traffic than Snort with similar accuracy, and thus recommend it for future needs at NPS, since the Snort installation is approaching its bandwidth limits.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2011
Accession Number
ADA552115

Entities

People

  • Eugene Albin

Organizations

  • Naval Postgraduate School

Tags

DTIC Thesaurus Topics

  • Application Protocols
  • Computer Network Security
  • Computer Networks
  • Computer Programs
  • Computer Science
  • Computers
  • Detection
  • Detectors
  • Information Science
  • Information Security
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Computing
  • Network Protocols
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Facility/Structural Engineering
  • Systems Analysis and Design