Open Access Article
Computers 2017, 6(1), 6; doi:10.3390/computers6010006

A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

School of Science and Technology, Middlesex University, The Burroughs, London NW4 4BT, UK
*
Author to whom correspondence should be addressed.
Academic Editor: Yevgeniya Kovalchuk
Received: 27 November 2016 / Revised: 31 January 2017 / Accepted: 4 February 2017 / Published: 7 February 2017

Abstract

As one of the most reliable technologies, a network intrusion detection system (NIDS) allows the monitoring of incoming and outgoing traffic to identify unauthorised usage and mishandling by attackers in computer network systems. To this end, this paper investigates the experimental performance of a Snort-based NIDS (S-NIDS) in a practical network with the latest technology in various network scenarios, including high data speed and/or heavy traffic and/or large packet size. An effective testbed is designed based on Snort using different multi-core processors, e.g., i5 and i7, with different operating systems, e.g., Windows 7, Windows Server and Linux. Furthermore, considering an enterprise network consisting of multiple virtual local area networks (VLANs), a centralised parallel S-NIDS (CPS-NIDS) is proposed with the support of a centralised database server to deal with high data speed and heavy traffic. Experimental evaluation is carried out for each network configuration to evaluate the performance of the S-NIDS in different network scenarios and to validate the effectiveness of the proposed CPS-NIDS. In particular, by analysing packet analysis efficiency, an improved performance of up to 10% is shown to be achieved with Linux over other operating systems, while up to 8% of improved performance can be achieved with i7 over i5 processors.
Keywords: network security; intrusion detection system; Snort; parallel processing; network traffic monitoring; experimental performance evaluation
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).

MDPI and ACS Style

Karim, I.; Vien, Q.-T.; Le, T.A.; Mapp, G. A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks. Computers 2017, 6, 6.

Computers EISSN 2073-431X Published by MDPI AG, Basel, Switzerland