Open Access Open Access  Restricted Access Subscription Access

Performance Evaluation of Different Pattern Matching Algorithms of Snort


Affiliations
1 Department of Computer Science & IT, University of Jammu, J & K, India
 

Snort is the most widely deployed Network Intrusion Detection System (NIDS) whose performance is dominated by the pattern matching of packets in the network. In this paper, we present an experimental evaluation and comparison of the performance of different pattern matching algorithms of Snort NIDS namely ac-q, ac-bnfa, acsplit, ac-banded and ac-sparsebands on Linux Operating System (Ubuntu Server 16.04). Snort's performance is measured by subjecting the server running Snort v2.9.9.1 to live malicious traffic and a standard dataset. The performance is calculated and compared in terms of throughput, memory utilization and CPU utilization.

Keywords

Bnfa, D-ITG, NIDS, Pattern-Matching, Scapy, Snort, Sparsebands.
User
Notifications
Font Size

  • .https://Snort-org-site.s3.amazonaws.com
  • .Soumya Sen, "Performance Characterization & Improvement of Snort as an IDS," Bell Labs Report, 2006.
  • .Martin Roesch, “Snort - lightweight intrusion detection for networks,” in Proceedings of the 13th Systems Administration Conference. 1999, USENIX.
  • .https://s3.amazonaws.com/Snort-orgsite/ production/document_files/files/000/000/122/origi nal/Snort_2.9.9.x
  • .Sarang Dharmapurikar and John Lockwood, “Fast and Scalable Pattern Matching for Network Intrusion Detection Systems”, in IEEE Journal on Selectedd Areas in Communications, vol. 24, no. 10, pp. 1781 1792, 2006.
  • .Sarika Rameshwar Rathi, “Detecting Attack Packets by Using Darpa Dataset on Intrusion Detection System” in International Journal Of Engineering And Computer Science, International Journal Of Engineering And Computer Science, vol. 4, no. 2, pp. 10567-10569, 2015.
  • .Yaron Weinsberg, Shimrit Tzur-David, Danny Dolev and Tal Anker High, “Performance String Matching Algorithm for a Network Intrusion Prevention System (NIPS)”, in IEEE workshop on High Performance of Switching and Routing, 2006.
  • .R. Hamsaveni and Dr. G. Gunasekaran, “A Secured Pattern Matching Technique for Intrusion Detection System in Wireless Sensor Network”, in International Journal of Computer Networks and Wireless Communications, vol. 6, no. 3, pp. 34-41, 2016.
  • .Qing-Xiu Wu, “The Network Protocol Analysis Technique in Snort”, in ELSEVIER on InternationalConference on Solid State Devices and Materials Science, 2012.
  • . Huang Kun and Zhang DaFang, “An index-split Bloom filter for deep packet inspection”, in ACM Journal on Science China Information Sciences, vol. 54, no. 1, pp. 23-27, 2011.
  • . Vasudha Bhardwaj and Vikram Garg, “Efficient Wu Manber String Matching Algorithm for Large Number of Patterns”, in International Journal of Computer Applications, vol. 132, no. 17, pp. 29-33, 2015.
  • . Christopher V. Kopek, Errin W. Fulp and Patrick S. Wheeler, “Distributed Data Parallel Techniques for Content-Matching Intrusion Detection Systems”, in proc. of IEEE on Military Communications Conference, 2007.
  • . N. Khamphakdee, N. Benjamas and S. Saiyod“ Improving Intrusion Detection System Based on Snort Rules for Network Probe Attack Detection”, in IEEE on 2nd International Conference on Information and Communication Technology (ICoICT), 2014.
  • . https://www.usma.edu/crc/SitePages/DataSets.aspx
  • . https://Scapy.net
  • . http://www.grid.unina.it/software/ITG

Abstract Views: 249

PDF Views: 2




  • Performance Evaluation of Different Pattern Matching Algorithms of Snort

Abstract Views: 249  |  PDF Views: 2

Authors

Abhigya Mahajan
Department of Computer Science & IT, University of Jammu, J & K, India
Alka Gupta
Department of Computer Science & IT, University of Jammu, J & K, India
Lalit Sen Sharma
Department of Computer Science & IT, University of Jammu, J & K, India

Abstract


Snort is the most widely deployed Network Intrusion Detection System (NIDS) whose performance is dominated by the pattern matching of packets in the network. In this paper, we present an experimental evaluation and comparison of the performance of different pattern matching algorithms of Snort NIDS namely ac-q, ac-bnfa, acsplit, ac-banded and ac-sparsebands on Linux Operating System (Ubuntu Server 16.04). Snort's performance is measured by subjecting the server running Snort v2.9.9.1 to live malicious traffic and a standard dataset. The performance is calculated and compared in terms of throughput, memory utilization and CPU utilization.

Keywords


Bnfa, D-ITG, NIDS, Pattern-Matching, Scapy, Snort, Sparsebands.

References