Performance Study of Snort and Suricata for Intrusion Detection System

Abstract

Abstract As of late, move to multitasking processors and thus applications using multithreaded structure has increased in an abrupt manner. There is a constant thought of using Network Intrusion Detection and Anticipation Systems (NIDPS) for multithreading. Suricata is an open source NIDPS that works on multithreading and is created by means of the (OISF) Open Information Security Forum. The paper depicts an analysis, including a progression of inventive tests to set up regardless of whether Suricata shows an expansion in precision and framework execution over the true norm, single strung Snort. Conclusions demonstrate that Snort has a lesser framework overhead than Suricata and this deciphers to less bogus rejections using a solitary center, focused condition. Be that as it may, Suricata is demonstrated to have more precision in conditions where many centers are accessible. Suricata is demonstrated to be adaptable through expanded execution when running on four centers; be that as it may, in any event, when working on four centers its capacity to process a 2Mb PCAP record is still not as much as Snort. With respect to this, no advantage is there to using multi-centers when working with a solitary condition of Snort.