
Effectiveness of Intrusion Detection Systems in High-speed Networks
Author(s) - Qinwen Hu, Muhammad Rizwan Asghar, Nevil Brownlee
Publication year - 2018
Publication title - International Journal of Information, Communication Technology and Applications
Language(s) - English
Resource type - Journals
ISSN - 2205-0930
DOI - 10.17972/ijicta20184138
Subject(s) - intrusion detection system, network packet, computer science, real time computing, drop (telecommunication), intrusion, simulation, data mining, computer network, telecommunications, geochemistry, geology
Network Intrusion Detection Systems (NIDSs) play a crucial role in detecting malicious activities within networks. Basically, a NIDS monitors network flows and compares them with a set of pre-defined suspicious patterns. To make NIDSs effective, different intrusion detection algorithms and packet capturing methods have been implemented. With rapidly increasing network speeds, NIDSs face the challenging problem of monitoring large and diverse traffic volumes; in particular, high packet drop rates can have a significant impact on detection accuracy. In this work, we investigate three popular open-source NIDSs, Snort, Suricata, and Bro, along with their comparative performance benchmarks. We investigate key factors (including system resource usage, packet processing speed and packet drop rate) that limit the applicability of NIDSs to large-scale networks. Moreover, we also analyse and compare the performance of the NIDSs when their configurations and the traffic volumes are changed.