A Comparative Study on Performance of Open Source IDS/IPS Snort and Suricata

(Korean title: A Comparative Study on the Detection Performance of the Open-Source IDS/IPS Snort and Suricata)

  • 석진욱 (Graduate School of Information and Communications, Sungkyunkwan University)
  • 최문석 (Graduate School of Information and Communications, Sungkyunkwan University)
  • 김지명 (Graduate School of Information and Communications, Sungkyunkwan University)
  • 박종순 (Department of Internet Information, Seoil University)
  • Received : 2016.02.28
  • Accepted : 2016.03.20
  • Published : 2016.03.30

Abstract

The recent growth of hacking threats and advances in software and technology have put network security under threat; intrusions, malware and worms have increased along with the variety of sophisticated attack methods. Whereas the previous study compared Snort 2.x, which runs single-threaded, with Suricata running multi-threaded, this study compares the Snort Alpha release with Suricata 2.0.11. The experiment environment is as follows: an Intel Core i5-4690 3.50 GHz CPU (4 threads), 16 GB of RAM, a 3 TB Seagate HDD, and Ubuntu 14.04. According to the results, the Snort Alpha release outperforms Suricata, but Snort Alpha had some glitches when processing pcap files that produced core dump errors. The experiment therefore analyzes which performs better: the Snort Alpha release, which supports multiple packet-processing threads, or Suricata, which supports multi-threading. From this experiment one can expect better performance from the beta and official releases of Snort in the future.
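The abstract describes replaying pcap files through both engines, timing them, and noting that one engine sometimes died with a core dump. The harness below is an added example written for this page, not code from the paper or from the Snort or Suricata projects. It times each replay, converts the exit status into a verdict so a crash is recorded rather than aborting the batch, and reports throughput per capture. Assumptions: GNU `date` (for `%N`) and `awk` are available, and the `suricata`/`snort` command lines and config paths at the bottom match the installed versions.

```shell
#!/usr/bin/env bash
# Added harness for the pcap-replay comparison the abstract describes.
# Not code from the paper. ASSUMPTIONS: GNU date (+%s%N), awk, and the
# snort/suricata command lines at the bottom, which must be adjusted to
# the installed versions and config paths.
set -u

# Map an exit status to a verdict. A status above 128 means the engine
# was killed by a signal: 139 (SIGSEGV) and 134 (SIGABRT) are the usual
# "core dumped" cases like the ones the abstract reports for Snort Alpha.
classify_exit() {
  local status=$1
  if [ "$status" -eq 0 ]; then
    echo "ok"
  elif [ "$status" -gt 128 ]; then
    local sig=$((status - 128))
    case "$sig" in
      11) echo "crash:SIGSEGV" ;;
      6)  echo "crash:SIGABRT" ;;
      *)  echo "crash:SIG$sig" ;;
    esac
  else
    echo "error:$status"
  fi
}

# Throughput in MB/s from a byte count and an elapsed time in milliseconds.
# Prints "n/a" when the run was too short to measure.
throughput_mbps() {
  awk -v b="$1" -v ms="$2" 'BEGIN {
    if (ms > 0) printf "%.2f\n", b / 1048576 / (ms / 1000); else print "n/a"
  }'
}

# Run one engine over one pcap and print a single record:
#   <engine> <pcap> <verdict> <elapsed_ms> <MB/s>
# The command is passed as the remaining arguments. Running it inside an
# `if` captures a failure or crash as a verdict even under `set -e`.
run_case() {
  local engine=$1 pcap=$2
  shift 2
  local bytes start end status elapsed_ms
  bytes=$(wc -c < "$pcap")
  start=$(date +%s%N)
  if "$@" >/dev/null 2>&1; then
    status=0
  else
    status=$?
  fi
  end=$(date +%s%N)
  elapsed_ms=$(( (end - start) / 1000000 ))
  printf '%s %s %s %s %s\n' "$engine" "$(basename "$pcap")" \
    "$(classify_exit "$status")" "$elapsed_ms" \
    "$(throughput_mbps "$bytes" "$elapsed_ms")"
}

# Usage: ./ids_bench.sh capture1.pcap [capture2.pcap ...]
# Each pcap is replayed through both engines; one record per run to stdout.
if [ "$#" -gt 0 ]; then
  logdir=$(mktemp -d)
  for pcap in "$@"; do
    # Assumed command lines; confirm with `suricata --help` / `snort --help`.
    run_case suricata "$pcap" suricata -c /etc/suricata/suricata.yaml -l "$logdir" -r "$pcap"
    run_case snort    "$pcap" snort -c /etc/snort/snort.lua -r "$pcap"
  done
fi
```

Run it over the same set of captures for both engines and compare the records line by line; a `crash:SIGSEGV` verdict for one engine on a capture that the other engine finishes is exactly the kind of discrepancy the abstract reports, and recording it per capture makes the offending pcap easy to isolate.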

Cited by

  1. Comparative Performance Analysis of Windows 7 and Ubuntu Running the Open-Source IDS/IPS Suricata, vol.13, pp.4, 2016, https://doi.org/10.17662/ksdim.2017.13.4.141
  2. A survey on intrusion detection system and prerequisite demands in IoT networks vol.1916, pp.1, 2016, https://doi.org/10.1088/1742-6596/1916/1/012179