
Performance Evaluation of Different Pattern Matching Algorithms of Snort


Affiliations
1 Department of Computer Science & IT, University of Jammu, J & K, India
 

Snort is the most widely deployed Network Intrusion Detection System (NIDS), and its performance is dominated by pattern matching against the packets it inspects. In this paper, we present an experimental evaluation and comparison of the performance of the different pattern matching algorithms of the Snort NIDS, namely ac-q, ac-bnfa, ac-split, ac-banded and ac-sparsebands, on the Linux operating system (Ubuntu Server 16.04). Snort's performance is measured by subjecting the server running Snort v2.9.9.1 to live malicious traffic and to a standard dataset. The performance is calculated and compared in terms of throughput, memory utilization and CPU utilization.

Keywords

Bnfa, D-ITG, NIDS, Pattern-Matching, Scapy, Snort, Sparsebands.



Authors

Abhigya Mahajan
Department of Computer Science & IT, University of Jammu, J & K, India
Alka Gupta
Department of Computer Science & IT, University of Jammu, J & K, India
Lalit Sen Sharma
Department of Computer Science & IT, University of Jammu, J & K, India
