Title :
Evaluation studies of three intrusion detection systems under various attacks and rule sets
Author :
Thongkanchorn, Kittikhun ; Ngamsuriyaroj, Sudsanguan ; Visoottiviseth, Vasaka
Author_Institution :
Fac. of Inf. & Commun. Technol., Mahidol Univ., Bangkok, Thailand
Abstract :
This paper investigates the performance and the detection accuracy of three popular open-source intrusion detection systems: Snort, Suricata and Bro. We evaluate all systems using various attack types, including DoS attack, DNS attack, FTP attack, Scan port attack, and SNMP attack. The experiments were run under different traffic rates and different sets of active rules. The performance metrics used are the CPU utilization, the number of packets lost, and the number of alerts. The results illustrated that each attack type had significant effects on the IDS performance. However, Bro showed better performance than the other IDS systems when evaluated under different attack types and using a specific set of rules. The results also indicated a drop in accuracy when the three IDS tools activated the full rule set.
Keywords :
computer network security; public domain software; Bro; CPU utilization; DNS attack; DoS attack; FTP attack; IDS performance; SNMP attack; Scan port attack; Snort; Suricata; lost packets; open-source intrusion detection systems; performance metrics; rule sets; traffic rates; Accuracy; Computer crime; Intrusion detection; Packet loss; Telecommunication traffic; Bro; Intrusion Detection System; Performance Evaluation; Snort; Suricata;
Conference_Titel :
TENCON 2013 - 2013 IEEE Region 10 Conference (31194)
Conference_Location :
Xi'an
Print_ISBN :
978-1-4799-2825-5
DOI :
10.1109/TENCON.2013.6718975