A Comparative Study on Performance of Open Source IDS/IPS Snort and Suricata
 Authors
Seok, Jinug; Choi, Moonseok; Kim, Jimyung; Park, Jonsung
 Abstract
The recent growth of hacking threats, together with developments in software and technology, has put network security under threat. In addition, intrusions, malware, and worm viruses have increased because of the variety of sophisticated hacking methods now available. The goal of this study is to compare the Snort Alpha version with Suricata version 2.0.11, whereas previous work focused on comparing Snort 2.x in a thread environment with Suricata in a multi-threading environment. The experimental environment was as follows: an Intel(R) Core(TM) i5-4690 3.50GHz CPU (4 threads), 16GB of RAM, a 3TB Seagate HDD, and Ubuntu 14.04. According to the results, the Snort Alpha version is superior to Suricata in performance, but Snort Alpha had some glitches when executing pcap files, which produced core dump errors. This experiment therefore analyzes which performs better: the Snort Alpha version, which supports multiple packet-processing threads, or Suricata, which supports multi-threading. Based on this experiment, better performance can be expected from the beta and formal versions of Snort in the future.
 Keywords
Snort; Suricata; IDS; IPS; Comparison of Performance
 Language
Korean