Performance Evaluation Of Snort And Suricata Intrusion Detection Systems On Ubuntu Server

PROCEEDINGS OF RECENT INNOVATIONS IN COMPUTING, ICRIC 2019 (2020)

Abstract
Network intrusion detection systems (NIDS) are emerging as a reliable solution for providing protection against threats to the integrity and confidentiality of information on the Internet. Two widely used open-source intrusion detection systems are Snort and Suricata. In this paper, Snort and Suricata are compared experimentally through a series of tests that put the systems under high traffic, in order to identify the more scalable and reliable IDS. Results indicated that Snort had a lower system overhead than Suricata and utilized only one processor in a multi-core environment. However, Suricata evenly utilized all the processing elements of the multi-core environment and provided a higher packet analysis rate. For malicious traffic, both Snort and Suricata dropped packets, with Snort dropping more at low traffic rate and size. But with large packet size and a high rate of malicious input traffic, Suricata dropped more packets than Snort. It was also observed that the memory utilization of Suricata depended on both the size of traffic and the amount of malicious traffic, whereas the memory utilization of Snort was independent of the input traffic.
Keywords
Snort, Suricata, Performance, NIDS, Multi-threaded, Multi-core, Experiment