A comparative experimental design and performance analysis of Snort-based Intrusion Detection System in practical computer networks

Karim, Imdadul and Vien, Quoc-Tuan and Le, Tuan Anh and Mapp, Glenford E. (2017) A comparative experimental design and performance analysis of Snort-based Intrusion Detection System in practical computer networks. Computers, 6 (1). pp. 1-15. ISSN 2073-431X


Abstract

As one of the most reliable technologies, a network intrusion detection system (NIDS) monitors incoming and outgoing traffic to identify unauthorised use and misuse by attackers in computer network systems. To this end, this paper investigates the experimental performance of a Snort-based NIDS (S-NIDS) in a practical network with current technology across various network scenarios, including high data speed and/or heavy traffic and/or large packet size. An effective testbed is designed around Snort using different multi-core processors, e.g., i5 and i7, with different operating systems, e.g., Windows 7, Windows Server and Linux. Furthermore, considering an enterprise network consisting of multiple virtual local area networks (VLANs), a centralised parallel S-NIDS (CPS-NIDS) is proposed with the support of a centralised database server to deal with high data speed and heavy traffic. Experimental evaluation is carried out for each network configuration to evaluate the performance of the S-NIDS in different network scenarios and to validate the effectiveness of the proposed CPS-NIDS. In particular, by analysing packet analysis efficiency, an improved performance of up to 10% is shown to be achieved with Linux over the other operating systems, while up to 8% of improved performance can be achieved with i7 over i5 processors.

Item Type: Article
Additional Information: Article Number = 6
Keywords (uncontrolled): network security; intrusion detection system; Snort; parallel processing; network traffic monitoring; experimental performance evaluation
Research Areas: A. > School of Science and Technology > Computer and Communications Engineering
Item ID: 21241
Notes on copyright: © 2017 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Depositing User: Quoc-Tuan Vien
Date Deposited: 08 Feb 2017 17:02
Last Modified: 06 Sep 2018 03:43
URI: http://eprints.mdx.ac.uk/id/eprint/21241
