Performance evaluation comparison of Snort NIDS under Linux and Windows Server

Journal of Network and Computer Applications

Volumn 33, Issue 1, 2010, Pages 6-15

  Salah, K ^a   Kahtani, A ^a  

^a KING FAHD UNIVERSITY OF PETROLEUM AND MINERALS   (Saudi Arabia)

Author keywords

Experimental performance evaluation; Linux; Network security; Snort; Windows

Indexed keywords

CONFIGURABLE PARAMETER; CONFIGURATION OPTIONS; EXPERIMENTAL EVALUATION; EXPERIMENTAL PERFORMANCE EVALUATION; FINE-GRAINED CONTROL; KEY SYSTEMS; LINUX; LINUX KERNEL; MALICIOUS TRAFFIC; PACKET RECEPTION; PERFORMANCE EVALUATION; POPULAR PLATFORM; PROCESSOR SCHEDULING; SNORT; TRAFFIC LOADS; WINDOWS SERVERS;

AD HOC NETWORKS; INTERNET; NETWORK SECURITY; PACKET LOSS; WINDOWS;

WINDOWS OPERATING SYSTEM;

EID: 70349745178     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2009.07.005     Document Type: Article

References (30)

1. Abbas S. Introducing multi-threaded solution to enhance the efficiency of snort. MS Thesis, Department of Computer Science, Florida State University, 2002.
2. Alder R., Babbin J., Doxtater A., Foster J.C., Kohlenberg T., and Rash M. Snort 2.1 intrusion detection. 2nd ed (2004), Syngress
3. Aldwairi M., Conte T., and Franzon P. Configurable string matching hardware for speeding up intrusion detection. ACM SIGARCH Computer Architecture News 33 1 (2005) 99-107
4. Baker Z, Prasanna K. High-throughput linked-patter matching for intrusion detection systems. In: Proceedings of the ACM/IEEE symposium on architectures for networking and communications system, ANCS'05, Princeton, NJ, 2005. p. 193-202.
5. Benvenuti C. Understanding Linux Network Internals (2005), O'Rilley Press
6. Biswas A, Sinha P. Efficient real-time Linux interface for PCI devices: a study on hardening a network intrusion detection system. In: Proceeding of the fifth system administration and network engineering conference, SANE 2006, May 15-19, 2006, Delft, The Netherlands.
7. Bovet D., and Cesati M. Understanding the Linux kernel. 3rd ed (2005), O'Rilley Press
8. Carr J. Snort: open source network intrusion prevention. eSecurityPlanet, June 5, 2007. Available at 〈http://www.esecurityplanet.com/article.php/11162_3681296_1〉
9. Cho Y., and Mangione-Smith W. Deep network packet filter design for reconfigurable devices. ACM Transactions on Embedded Computing Systems 7 2 (2008) Article 21, 26pp.
10. Coppens J, De Smet S, den Berghe S, De Turck F, Demeester P. Performance evaluation of a probabilistic packet filter optimization algorithm for high-speed network monitoring. In: Proceedings of the seventh IEEE conference on high speed networks and multimedia communications, HSNMC 2004, Toulouse, France, 2004. p. 120-31.
11. Deri L. nCap: wire-speed packet capture and transmission. In: Proceedings of the third IEEE/IFIP workshop on end-to-end monitoring techniques and services (E2EMON), Nice, France, 2005.
12. Emma D, Pescape A, Ventre G. D-ITG, distributed internet traffic generator. Available at 〈http://www.grid.unina.it/software/ITG〉.
13. Geschke D. Fast logging project for Snort, 2006. Available at 〈http://www.geschke-online.de/doc/index.html〉.
14. Lin C, Tai Y, Chang S. Optimization of pattern matching algorithm for memory based architecture. In: Proceedings of ACM/IEEE symposium on architectures for networking and communications system, ANCS'07, Orlando, FL, 2007. p. 11-6.
15. Markatos E, Antonatos S, Polychronakis M, Anagnostakis K. Exclusion-based signature matching for intrusion detection. In: Proceedings of the IASTED international conference on communications and computer networks, CCN, 2002.
16. Mitra A, Najjar W, Bhuyan L. Compiling PCRE to FPGA for accelerating Snort IDS. In: Proceedings of ACM/IEEE symposium on architectures for networking and communications system, ANCS'07, Orlando, FL, 2007. p. 127-35.
17. Olsson R. pktgen the Linux packet generator. In: Proceedings of Linux symposium, Ottawa, Canada, 2005.
18. Ramakrishnan K. Performance consideration in designing network interfaces. IEEE Journal on Selected Areas in Communications 11 2 (1993) 203-219
19. Rivest R.L. On the worst-case behavior of string-searching algorithms. SIAM Journal on Computing 6 4 (1977) 669-674
20. Salah K, Kahtani A. Improving Snort performance under Linux. IET Proceedings on Communications, in press.
21. Salim JH. Beyond Softnet. In: Proceedings of the fifth annual Linux showcase and conference, November 2001. p. 165-172.
22. Snort, 〈http://www.snort.org/〉.
23. Sourdis I, Dimopoulos V, Pnevmatikatos D, Vassiliadis S. Packet pre-filtering for network intrusion detection. In: Proceedings of the ACM/IEEE symposium on architectures for networking and communications system, ANCS'06, San Jose, California, 2006. p. 183-92.
24. The Snort Project, Snort Users Manual 2.81, March 12, 2008. Available at 〈http://www.snort.org/〉.
25. Turnbull J. Improving snort performance with barnyard. EnterpriseLinux.Com Magazine, 2007.
26. Vermeiren T, Borghs E, Haaodorens B. Evaluation of software techniques for parallel packet processing on multi-core processors. In: Proceedings of the first IEEE consumer communications and networking conference, CCNC 2004, Las Vegas, NV, 2004. p. 645-7.
27. Weinsberg Y, Tzur-David S, Dolev D, Anker T. One algorithm to match them all: on a generic NIPS pattern matching algorithm. In: Proceeding of the 2007 conference on high performance switching and routing (HPSR'07), Brooklyn Bridge, NY, 2007. p. 1-6.
28. Wu W., Crawford M., and Bowden M. The performance analysis of Linux networking-packet receiving. International Journal of Computer Communications, Elsevier Science 30 5 (2007) 1044-1057
29. Yu J., Xue Y., and Li J. Memory efficient string matching algorithm for network intrusion management system. Journal of Tsinghua Science and Technology 12 7 (2007) 585-593
30. Zander S, Kennedy D.d, Armitage G. KUTE-a high performance kernel-based UDP traffic engine. Technical Report 050118A, Center for Advanced Internet Architectures (CAIA).