We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Comparative Analysis of the Performance of Network Intrusion Detection Systems: Snort, Suricata and Bro Intrusion Detection Systems in Perspective

by Godwin Kudjo Bada, Williams Kwame Nabare, Daniel Kwame Kwansah Quansah
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 176 - Number 40
Year of Publication: 2020
Authors: Godwin Kudjo Bada, Williams Kwame Nabare, Daniel Kwame Kwansah Quansah
10.5120/ijca2020920513

Godwin Kudjo Bada, Williams Kwame Nabare, Daniel Kwame Kwansah Quansah . Comparative Analysis of the Performance of Network Intrusion Detection Systems: Snort, Suricata and Bro Intrusion Detection Systems in Perspective. International Journal of Computer Applications. 176, 40 ( Jul 2020), 39-44. DOI=10.5120/ijca2020920513

@article{ 10.5120/ijca2020920513,
author = { Godwin Kudjo Bada, Williams Kwame Nabare, Daniel Kwame Kwansah Quansah },
title = { Comparative Analysis of the Performance of Network Intrusion Detection Systems: Snort, Suricata and Bro Intrusion Detection Systems in Perspective },
journal = { International Journal of Computer Applications },
issue_date = { Jul 2020 },
volume = { 176 },
number = { 40 },
month = { Jul },
year = { 2020 },
issn = { 0975-8887 },
pages = { 39-44 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume176/number40/31471-2020920513/ },
doi = { 10.5120/ijca2020920513 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:40:59.787092+05:30
%A Godwin Kudjo Bada
%A Williams Kwame Nabare
%A Daniel Kwame Kwansah Quansah
%T Comparative Analysis of the Performance of Network Intrusion Detection Systems: Snort, Suricata and Bro Intrusion Detection Systems in Perspective
%J International Journal of Computer Applications
%@ 0975-8887
%V 176
%N 40
%P 39-44
%D 2020
%I Foundation of Computer Science (FCS), NY, USA
Abstract

There exists a number of intrusion detection systems particularly those that are open-source. These intrusion detection systems have their strengths and weaknesses when it comes to intrusion detection. This work compared the performance of open-source intrusion detection systems namely Snort, Suricata and Bro. The comparative analysis of these intrusion detection systems was carried out to present an independent view of their performance regarding intrusion detection. It took into consideration their effectiveness in detecting Denial of Service, probe, scan, User-to-Local and User-to-Root attacks and also detection accuracy in terms of false positive, false negative and true positive alarms. All three IDS were installed on virtual machines with the same specification with a network switch linking them to a target server in a virtual environment using maximum Ethernet speed of 5Gigabits per second (Gbps). False positive, false negative and true positive alarm rates of Snort, Suricata and Bro IDSs have also been determined in this work through the injection of normal and malicious attacks such as DoS, probe, scan and user-to-root. Transmission Control Protocol, User Datagram Protocol and Internet Control Message Protocol were the normal traffic used.

References
  1. Amira, S.A., Salama, M., Hassanien, A.E., Hanafi, S.E. & Tolba, M.F. (2013). "Multi-layer hybrid machine learning techniques for anomalies detection and classification approach". In. 13th International Conference on Hybrid Intelligent Systems (HIS) (pp. 215-220). IEEE.
  2. Bro-ids (2008). Bro-ids Technical Report. California: International Computer Science Institute.
  3. Bro-ids (2014). http://www.bro.org. Retrieved 8 22, 2017, from bro.org: http://www.bro.org
  4. Gerber, J. (2010, 08 26). http://blog.securitymonks.com. Retrieved 12 14, 2017, from securitymonks.com: http://www.securitymonks.com
  5. Johnson, K. (2008). Basic Analysis and Security Engine, Tech. Report.
  6. Mehra, P. (2012). A brief study and comparison of Snort and Bro Open Source Network Intrusion Detection System. International Journal of Advanced Research in Computer and Communication Engineering, 1 (6), 384-389.
  7. Moore, G. (1965). Cramming more components onto integrated circuits. IEEE, 11 (3), 114-117.
  8. Nielsen, J. (2010, 08 18). http://www.nngroup.com/articles/law-of-bandwidth. Retrieved 08 18, 2011, from http://www.nngroup.com
  9. Open Information Security Foundation (OISF). (2011, 04 05). www.openinfosecfoundation.org. Retrieved 12 10, 2017, from OISF Foundation web site: http://www.openinfosecfoundation
  10. Paxson, V. (1999). "Bro: a system for detecting network intruders in real-time,". Journal of Computer Networks, 31, 2435-2463.
  11. Ross, S. (2007). IS Security Matters. Information Systems Control Journal, 6, 14-19.
  12. Sourour, M., Adel, B. & Tarek, A. . (2009). Environmental awareness intrusion detection and prevention system toward reducing false positives and false negatives. In Proceedings of IEEE Symposium on Computational Intelligence in Cyber Security (CICS '09) (pp. 107 –114). Oslo: IEEE.
Index Terms

Computer Science
Information Sciences

Keywords

intrusion packets false-alarms vulnerabilities malicious denial-of-service

Powered by PhDFocusTM