Date of Graduation: 5-2022
Document Type: Thesis
Degree Name: Bachelor of Science
Degree Level: Undergraduate
Department: Computer Science and Computer Engineering
Advisor/Mentor: Thompson, Dale R.
Committee Member/Reader: Nelson, Alexander
Committee Member/Second Reader: Jin, Kevin
Abstract
Network Intrusion Detection Systems (NIDS) are one layer of defense that can be used to protect a network from cyber-attacks. They monitor a network for malicious activity and send alerts if suspicious traffic is detected. Two of the most common open-source NIDS are Snort and Suricata. Snort was first released in 1999 and became the industry standard. The one major drawback of Snort has been its single-threaded architecture. Because of this, Suricata was released in 2009 with a multithreaded architecture. Snort 3 was released last year with major improvements over earlier versions, including a new multithreaded architecture like Suricata's. This paper compares Suricata and the new and improved Snort 3 based on their performance and alert behavior. Both NIDS were installed on the same system, configured with the default recommended configurations, used default rulesets, and evaluated the same malicious traffic. In this analysis, both NIDS performed very similarly in their resource utilization, but when analyzing the malicious traffic, Suricata detected more attacks than Snort 3 using their standard rulesets.
Keywords: NIDS; Snort; Suricata; performance; rules; comparison
Citation: Hoover, C. (2022). Comparative Study of Snort 3 and Suricata Intrusion Detection Systems. Computer Science and Computer Engineering Undergraduate Honors Theses. Retrieved from https://scholarworks.uark.edu/csceuht/105
Included in: Computer and Systems Architecture Commons, Digital Communications and Networking Commons, Information Security Commons, Software Engineering Commons, Systems Architecture Commons