Analysis of Intrusion Detection System Performance for the Port Scan Attack Detector, Portsentry, and Suricata

Abstract

Abstract The purpose of this study is to analyze the performance of IDS (PSAD, Portsentry and Suricata). The research methodology used was the Network Development Life Cycle (NDLC). The system has designed through several stages (system requirements analysis, system/software installation, configuration and testing software attacks). The system detects and monitors the number of suspicious activities that occur on the server (using a cloud service) or computer network. In the event of a threat, the system will issue a warning and keep records for analysis. The IDS performance tests are differentiated based on three types of attack (port scanning, DDoS SYN flood and brute force attack), the parameters tested include a speed of detection, detection accuracy and resources usage. Test results showed Suricata and PSAD are superior in detection accuracy (100%). Suricata showed better performance in resources usage (average 1.64% CPU, 8.42% disk), portsentry is only superior to RAM usage (26.89%). PSAD was better in the speed of detection (average 4.21s.). The result concluded Suricata and PSAD better performance to be used as network IDS.