Performance Evaluation of Snort System

  • Kim, Wan-Kyung (Dept. of Computer Eng., Graduate School, Hannam University)
  • Soh, Woo-Young (Dept. of Computer Eng., Graduate School, Hannam University)
  • Published : 2007.08.31

Abstract

Most past studies on testing and benchmarking Intrusion Detection Systems (IDSs) were conducted as comparisons of different IDSs rather than as evaluations. This paper presents an evaluation of the performance of one open source IDS, Snort, in an inexpensive high-availability system configuration. Redundancy and fault-tolerance technology are used in deploying the IDS because of possible attacks that can make Snort exhaust resources, degrade in performance, and even crash. Several test data sets are used in this environment, yielding different results. CPU speed, disk usage, memory utilization and other resources of the IDS host are also monitored. Test results with the proposed system configuration show much better system availability and reliability, especially on security systems.
