Open AccessPerformance Study of Snort and Suricata for Intrusion Detection System
Author(s) -
Neha Sharma,
. Kavita,
Gaurav Aggarwal,
Saurabh Sharma
Publication year - 2021
Publication title -
iop conference series. materials science and engineering
Language(s) - English
Resource type - Journals
eISSN - 1757-899X
pISSN - 1757-8981
DOI - 10.1088/1757-899x/1099/1/012009
Subject(s) - multithreading , computer science , intrusion detection system , set (abstract data type) , thread (computing) , overhead (engineering) , human multitasking , anticipation (artificial intelligence) , event (particle physics) , operating system , physics , data mining , artificial intelligence , astrophysics , programming language , psychology , cognitive psychology
As of late, move to multitasking processors and thus applications using multithreaded structure has increased in an abrupt manner. There is a constant thought of using Network Intrusion Detection and Anticipation Systems (NIDPS) for multithreading. Suricata is an open source NIDPS that works on multithreading and is created by means of the (OISF) Open Information Security Forum. The paper depicts an analysis, including a progression of inventive tests to set up regardless of whether Suricata shows an expansion in precision and framework execution over the true norm, single strung Snort. Conclusions demonstrate that Snort has a lesser framework overhead than Suricata and this deciphers to less bogus rejections using a solitary center, focused condition. Be that as it may, Suricata is demonstrated to have more precision in conditions where many centers are accessible. Suricata is demonstrated to be adaptable through expanded execution when running on four centers; be that as it may, in any event, when working on four centers its capacity to process a 2Mb PCAP record is still not as much as Snort. With respect to this, no advantage is there to using multi-centers when working with a solitary condition of Snort.