A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

School of Science and Technology, Middlesex University, The Burroughs, London NW4 4BT, UK
*
Author to whom correspondence should be addressed.
Academic Editor: Yevgeniya Kovalchuk
Computers 2017, 6(1), 6; https://doi.org/10.3390/computers6010006
Received: 27 November 2016 / Revised: 31 January 2017 / Accepted: 4 February 2017 / Published: 7 February 2017
As one of the most reliable technologies, a network intrusion detection system (NIDS) allows the monitoring of incoming and outgoing traffic to identify unauthorised usage and mishandling by attackers in computer network systems. To this end, this paper investigates the experimental performance of Snort-based NIDS (S-NIDS) in a practical network with the latest technology in various network scenarios, including high data speed and/or heavy traffic and/or large packet size. An effective testbed is designed based on Snort using different multi-core processors, e.g., i5 and i7, with different operating systems, e.g., Windows 7, Windows Server and Linux. Furthermore, considering an enterprise network consisting of multiple virtual local area networks (VLANs), a centralised parallel S-NIDS (CPS-NIDS) is proposed with the support of a centralised database server to deal with high data speed and heavy traffic. Experimental evaluation is carried out for each network configuration to evaluate the performance of the S-NIDS in different network scenarios as well as to validate the effectiveness of the proposed CPS-NIDS. In particular, by analysing packet analysis efficiency, an improved performance of up to 10% is shown to be achieved with Linux over other operating systems, while up to 8% of improved performance can be achieved with i7 over i5 processors.
Keywords: network security; intrusion detection system; Snort; parallel processing; network traffic monitoring; experimental performance evaluation

MDPI and ACS Style

Karim, I.; Vien, Q.-T.; Le, T.A.; Mapp, G. A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks. Computers 2017, 6, 6.
