
Analysis of Various Intrusion Detection Systems with a Model for Improving Snort Performance


Affiliations
1 Department of Computer Science, Pondicherry University, Puducherry - 605014, India
 

Objectives: To assess various Intrusion Detection Systems (IDS) against various types of attacks in different environments like Web, Enterprise, Cloud, etc., and to propose an architecture for improving Snort-based IDS performance during typical attacks. Methods: An analytical approach was used to survey various research papers in this field. Findings: In this research, various IDS approaches were analysed with respect to Detection Accuracy, False Alarm Rate, Scalability and the capability of detecting unknown attacks. Some approaches focused on a particular type of issue while ignoring the others. This led to performance degradation in several cases, which is not tolerable in real-time scenarios. Improvements: Among the various approaches studied, we chose Snort-based IDS and set out to improve its performance for deployment in enterprise networks. Being Open Source Software, Snort gives the flexibility to improve its functionality. We propose an architecture to improve Snort's detection rate and to reduce packet drops during critical attacks like Port Scanning, DoS, DDoS Attacks, etc.

Keywords

Attacks, DoS Attacks, DDoS Attacks, Detection Accuracy, False Alarm Rate, Intrusion Detection System, Open Source Software, Port Scanning Attacks, Snort, Scalability.

Authors

Ravi Teja Gaddam
Department of Computer Science, Pondicherry University, Puducherry - 605014, India
M. Nandhini
Department of Computer Science, Pondicherry University, Puducherry - 605014, India




DOI: https://doi.org/10.17485/ijst%2F2017%2Fv10i20%2F156933