Performance Evaluation of Different Pattern Matching Algorithms of Snort

Bibliographic Details
Published in: International journal of advanced networking and applications, Vol. 10, no. 2, pp. 3776-3781
Main Authors: Mahajan, Abhigya; Gupta, Alka; Sen Sharma, Lalit
Format: Journal Article
Language: English
Published: Eswar Publications, 01.09.2018
ISSN: 0975-0290, 0975-0282
DOI: 10.35444/IJANA.2018.10024

Summary: Snort is the most widely deployed Network Intrusion Detection System (NIDS) whose performance is dominated by the pattern matching of packets in the network. In this paper, we present an experimental evaluation and comparison of the performance of different pattern matching algorithms of Snort NIDS, namely ac-q, ac-bnfa, ac-split, ac-banded and ac-sparsebands, on Linux Operating System (Ubuntu Server 16.04). Snort's performance is measured by subjecting the server running Snort v2.9.9.1 to live malicious traffic and a standard dataset. The performance is calculated and compared in terms of throughput, memory utilization and CPU utilization.