Abstract
Driven by the high and diverse network traffic and increase in the number of active attackers, nearly every organization including government institutions and enterprises are forced to deploy Network Intrusion Detection and Prevention Systems (NIDPS). It becomes a challenging task for NIDPS to process high-speed traffic that results in packet drops and consequently leads to degraded system performance. Thus, necessitating the requirement to assess the NIDPS performance in terms of various parameters such as resource consumption, packet processing, packet drop rate, throughput, and latency. In this study, we scrutinized three Open-Source Intrusion Detection and Prevention Systems (IDPS) Snort (both variants: single-threaded and multi-threaded), Suricata, and Zeek; while, using similar performance parameters normally used to evaluate commercial IDPS solutions. Such a comprehensive performance review has not been considered in the prior works. We considered typical NIDPS deployment in Small and Medium-sized Enterprises (SMEs) and conducted system assessment by using variations of various factors such as packet capturing modules, detection engine algorithms, packet size, and ruleset size. Such a thorough analysis is expected to be of great value for both the practitioners and the researchers in the selection and further enhancement of optimum IDPS configuration as per their requirements.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.