Performance evaluation of snort under windows 7 and windows server 2008

Journal of Universal Computer Science

Volumn 17, Issue 11, 2011, Pages 1605-1622

  Salah, Khaled ^a   Al Khiaty, Mojeeb Al Rhman ^b   Ahmed, Rashad ^b   Mahdi, Adnan ^b  

^a KHALIFA UNIVERSITY   (United Arab Emirates)

^b KING FAHD UNIVERSITY OF PETROLEUM AND MINERALS   (Saudi Arabia)

Author keywords

Experimental performance evaluation; Network security; Operating systems; Snort; Windows 2008; Windows 7

Indexed keywords

EID: 80052917742     PISSN: 0958695X     EISSN: 09486968     Source Type: Journal    
DOI: None     Document Type: Article

References (31)

1. [Abbas, 02] Abbas, S.: ''Introducing Multi-Threaded Solution to Enhance the Efficiency of Snort''; MS Thesis, Department of Computer Science, Florida State University, December (2002)
2. [Alder, 04] Alder, R., Babbin, J., Doxtater, A., Foster, J. C., Kohlenberg, T., Rash, M.: ''Snort 2.1 Intrusion Detection''; 2nd edition, Syngress (2004)
3. [Aldwairi, 05] Aldwairi, M., Conte, T., Franzon, P.: Configurable String Matching Hardware for Speeding up Intrusion Detection; ACM SIGARCH Computer Architecture News, 33, 1 (2005), 99-107.
4. [Baker, 05] Baker, Z., Prasanna, K.: ''High-throughput Linked-Patter Matching for Intrusion Detection Systems''; Proc. ANCS'05, ACM/IEEE Symposium on Architectures for Networking and Communications System, Princeton, New Jersey (2005), 193-202.
5. [Benvenuti, 05] Benvenuti, C.: ''Understanding Linux Network Internals''; O' Rilley Press (2005)
6. [Biswas, 06] Biswas, A., Sinha, P.: ''Efficient Real-Time Linux interface for PCI Devices: A Study on Hardening a Network Intrusion Detection System''; Proc. SANE 2006, the 5th System Administration and Network Engineering Conference, Delft, The Netherlands (2006).
7. [Bovet, 05] Bovet, D., Cesati, M.: ''Understanding the Linux Kernel''; 3rd Edition, O'Rilley Press (2005)
8. [Carr, 07] Carr, J.: ''Snort: Open Source Network Intrusion Prevention''; e Security Planet Article (2007), also appeared as electronic version, http://www.esecurityplanet.com/article.php/11162_3681296_1
9. [Cho, 08] Cho, Y., Mangione-Smith, W.: Deep Network Packet Filter Design for Reconfigurable Devices; ACM Transactions on Embedded Computing Systems, 7, 2 (2008), 452-461.
10. [Coppens, 04] Coppens, J., De Smet, S., den Berghe, S., De Turck, F., Demeester, P.: ''Performance Evaluation of a Probabilistic Packet Filter Optimization Algorithm for High- Speed Network Monitoring''; Proc. HSNMC'04, the 7th IEEE Conference on High Speed Networks and Multimedia Communications, Toulouse, France (2004), 120-131.
11. [Deri, 05] Deri, L.: ''nCap: Wire-Speed Packet Capture and Transmission''; Proc. E2EMON, the 3rd IEEE/IFIP Workshop on End-to-End Monitoring Techniques and Services, Nice, France (2005).
12. [Emma, 04] Emma, D., Pescape, A., Ventre, G.: ''D-ITG, Distributed Internet Traffic Generator''; 2004. Also available at http://www.grid.unina.it/software/ITG
13. [Geschke, 06] Geschke, D.: ''Fast Logging Project for Snort''; FLoP Report (2006), also appeared as electronic version, http://www.geschke-online.de/doc/index.html
14. [Lan, 03] Lan, K., Hussain, A., Dutta, D.: ''The effect of malicious traffic on the network''; Proc. PAM'03, San Diego, California (2003)
15. [Lin, 07] Lin, C., Tai, Y., Chang, S.: ''Optimization of Pattern Matching Algorithm for Memory Based Architecture''; Proc. ANCS'07, ACM/IEEE Symposium on Architectures for Networking and Communications System, Orlando, Florida (2007), 11-16.
16. [Markatos, 02] Markatos, E., Antonatos, S., Polychronakis, M., Anagnostakis, K.: ''Exclusionbased Signature Matching for Intrusion Detection''; Proc. CCN'02, IASTED International Conference on Communications and Computer Networks, Cambridge, Massachusetts, USA (2002), 146-152.
17. [Mitra, 07] Mitra, A., Najjar, W., Bhuyan, L.: ''Compiling PCRE to FPGA for Accelerating Snort IDS''; Proc. ANCS'07, ACM/IEEE Symposium on Architectures for Networking and Communications System, Orlando, Florida (2007), 127-135.
18. [Olsson, 05] Olsson, R.: ''pktgen the Linux Packet Generator''; Proc. Linux Symposium, Ottawa, Canada (2005)
19. [Ramakrishnan, 93] Ramakrishnan, K.: ''Performance Consideration in Designing Network Interfaces''; IEEE Journal on Selected Areas in Communications, 11, 2 (1993), 203-219.
20. [Rivest, 77] Rivest, R. L.: On the Worst-Case Behavior of String-Searching Algorithms; SIAM Journal on Computing, 6, 4 (1977), 669-674.
21. [Salah, 10]Salah, K., Kahtani, A.: ''Performance evaluation comparison of Snort NIDS under Linux and Windows Server''; Journal of Network and Computer Applications, 33, 1 (2010), 6-15.
22. [Salim, 01] Salim, J. H.: ''Beyond Softnet''; Proc. 5th Annual Linux Showcase and Conference, Oakland, California (2001), 165-172.
23. [Snort 08a] http://www.snort.org/
24. [Sort, 08b] The Snort Project, ''Snort Users Manual 2.81''; 2008, also appeared as electronic version, http://www.snort.org/
25. [Sourdis, 06] Sourdis, I., Dimopoulos, V., Pnevmatikatos, D., Vassiliadis, S.: ''Packet Pre-filtering for Network Intrusion Detection''; Proc. ANCS'06, ACM/IEEE Symposium on Architectures for Networking and Communications System, San Jose, California (2006), 83-192.
26. [Turnbull, 07] Turnbull, J.: ''Improving Snort Performance with Barnyard''; EnterpriseLinux.Com Magazine (2007), also appeared as electronic version, http://searchenterpriselinux.techtarget.com/tip/Improving-Snort-performance-with-Barnyard
27. [Vermeiren, 04] Vermeiren, T., Borghs, E., Haaodorens, B.: ''Evaluation of Software Techniques for Parallel Packet Processing on Multi-Core Processors''; Proc. 1st IEEE Consumer Communications and Networking Conference, CCNC, Las Vegas, Nevada (2004), 645-647.
28. [Weinsberg, 07] Weinsberg, Y., Tzur-David, S., Dolev, D., Anker, T.: ''One Algorithm to Match Them All: On a Generic NIPS Pattern Matching Algorithm''; Proc. HPSR'07, Conference on High Performance Switching and Routing, Brooklyn Bridge, New York (2007), 1-6.
29. [Wu, 07]Wu, W., Crawford, M., Bowden, M.: ''The Performance Analysis of Linux Networking - Packet Receiving''; International Journal of Computer Communications, Elsevier Science, 30, 5 (2007), 1044-1057.
30. [Yu, 07]Yu, J., Xue, Y., Li, J.: Memory Efficient String Matching Algorithm for Network Intrusion Management System; Journal of Tsinghua Science and Technology, 12, 7 (2007), 585-593.
31. [Zander, 05] Zander, S., Kennedy, D.d, Armitage, G.: ''KUTE - A High Performance Kernel-based UDP Traffic Engine''; CAIA (Center for Advanced Internet Architectures) Technical Report (2005), also appeared as electronic version, http://caia.swin.edu.au/reports/050118A/CAIA-TR-050118A.pdf