
A Comparative Study on Function and Performance of Snort and Suricata

Jeong, Myeong Ki (Department of Computer Education, Sungkyunkwan University)
Ahn, Seongjin (Department of Computer Education, Sungkyunkwan University)
Park, Won Hyung (Department of Cyber Security, Far East University)
Abstract
We compare two open-source network intrusion detection systems that are widely used by network administrators, Snort and Suricata, in terms of function and performance. Specifically, we analyze which threat-detection functions Suricata adds over Snort and how the multi-threading introduced in Suricata affects performance. We found several features in Suricata that Snort lacks, namely protocol identification, an HTTP normalizer and parser, and file identification. We also showed that the gap in PPS (packets per second) between the two systems widens as the number of active CPU cores increases. We therefore conclude that Suricata is an efficient alternative to Snort, since it is more effective both quantitatively and qualitatively.
Keywords
Open Source NIDS; Snort; Suricata;
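The three Suricata capabilities the abstract names, protocol identification, file identification and multi-threaded capture throughput, all surface in Suricata's EVE JSON log, so the quickest practical check of the claims is to read that log. The following is an added example, not code from the paper or from the Suricata project: it parses a constructed EVE excerpt (the sample lines, the `EXPECTED_PORTS` table and the "executable" keyword match are assumptions for illustration) and pulls out flows whose detected `app_proto` disagrees with the port in use, files whose libmagic type marks them as executables, and the capture rate in PPS derived from two `stats` events. Field names follow Suricata's eve-log schema (`app_proto`, `fileinfo.magic`, `stats.capture.kernel_packets`).

```python
"""Read the Suricata-specific evidence out of an EVE JSON log.

Constructed sample (not real traffic): one alert on a flow whose
app-layer protocol was detected on a non-standard port, one fileinfo
event carrying libmagic output, one flow event, and two stats events
from which the capture rate (PPS) and drop count are derived.
"""
import json
from datetime import datetime

# Constructed EVE lines; field names follow Suricata's eve-log schema.
SAMPLE_EVE = r"""
{"timestamp":"2024-03-01T10:00:00.000000+0000","event_type":"stats","stats":{"uptime":60,"capture":{"kernel_packets":1200000,"kernel_drops":0}}}
{"timestamp":"2024-03-01T10:00:05.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51514,"dest_ip":"203.0.113.9","dest_port":8443,"proto":"TCP","app_proto":"http","alert":{"signature_id":1000001,"signature":"HTTP on non-standard port","action":"allowed"}}
{"timestamp":"2024-03-01T10:00:07.000000+0000","flow_id":2,"event_type":"fileinfo","src_ip":"203.0.113.9","src_port":80,"dest_ip":"10.0.0.5","dest_port":40000,"proto":"TCP","app_proto":"http","fileinfo":{"filename":"/downloads/update.bin","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","state":"CLOSED","size":245760,"stored":true}}
{"timestamp":"2024-03-01T10:00:08.000000+0000","flow_id":3,"event_type":"flow","src_ip":"10.0.0.7","src_port":40001,"dest_ip":"10.0.0.8","dest_port":80,"proto":"TCP","app_proto":"ssh"}
{"timestamp":"2024-03-01T10:01:00.000000+0000","event_type":"stats","stats":{"uptime":120,"capture":{"kernel_packets":1620000,"kernel_drops":300}}}
"""

# Assumed table of ports where each protocol is normally expected.
EXPECTED_PORTS = {"http": {80, 8080}, "tls": {443}, "ssh": {22}, "dns": {53}}

EVE_TS = "%Y-%m-%dT%H:%M:%S.%f%z"


def parse_eve(text):
    """Yield one dict per non-empty EVE line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def protocol_port_mismatches(events):
    """Flows whose detected app_proto matches neither endpoint port.

    Suricata fills app_proto from payload content, not from the port, so
    a mismatch means the protocol was found where port-based rules alone
    would have missed it (e.g. HTTP on 8443, SSH on 80). Both ports are
    checked because server-to-client events carry the client's ephemeral
    port in dest_port.
    """
    hits = []
    for ev in events:
        proto = ev.get("app_proto")
        if proto not in EXPECTED_PORTS:
            continue
        ports = {ev.get("src_port"), ev.get("dest_port")}
        if not ports & EXPECTED_PORTS[proto]:
            hits.append((ev["flow_id"], proto, ev["dest_port"]))
    return hits


def executable_downloads(events):
    """fileinfo events whose libmagic type says 'executable', whatever the name."""
    return [
        (ev["fileinfo"]["filename"], ev["fileinfo"]["magic"])
        for ev in events
        if ev.get("event_type") == "fileinfo"
        and "executable" in ev["fileinfo"].get("magic", "").lower()
    ]


def capture_pps(events):
    """Average packets per second between the first and last stats events,
    plus the kernel drops over the same interval. Drops are the symptom
    of an engine that cannot keep up with the capture rate."""
    stats = [ev for ev in events if ev.get("event_type") == "stats"]
    if len(stats) < 2:
        return None
    first, last = stats[0], stats[-1]
    seconds = (
        datetime.strptime(last["timestamp"], EVE_TS)
        - datetime.strptime(first["timestamp"], EVE_TS)
    ).total_seconds()
    cap0, cap1 = first["stats"]["capture"], last["stats"]["capture"]
    return {
        "pps": (cap1["kernel_packets"] - cap0["kernel_packets"]) / seconds,
        "drops": cap1["kernel_drops"] - cap0["kernel_drops"],
    }


if __name__ == "__main__":
    evs = list(parse_eve(SAMPLE_EVE))
    print("protocol/port mismatches:", protocol_port_mismatches(evs))
    print("executable downloads:", executable_downloads(evs))
    print("capture rate:", capture_pps(evs))
```

On a real sensor, point `parse_eve` at `eve.json` and compare `pps` and `drops` across runs with a different number of worker threads configured in the `threading:` section of suricata.yaml; that is the measurement the abstract describes in terms of active CPU cores.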