Date of Graduation


Document Type


Degree Name

Bachelor of Science

Degree Level



Computer Science and Computer Engineering


Thompson, Dale

Committee Member/Reader

Nelson, Alexander

Committee Member/Second Reader

Jin, Kevin


Network Intrusion Detection Systems (NIDS) are one layer of defense that can be used to protect a network from cyber-attacks. They monitor a network for any malicious activity and send alerts if suspicious traffic is detected. Two of the most common open-source NIDS are Snort and Suricata. Snort was first released in 1999 and became the industry standard. The one major drawback of Snort has been its single-threaded architecture. Because of this, Suricata was released in 2009 and uses a multithreaded architecture. Snort released Snort 3 last year with major improvements from earlier versions, including implementing a new multithreaded architecture like Suricata. This paper compares Suricata and the new and improved Snort 3 based on their performance and alert behavior. Both NIDS were installed on the same system, configured with the default recommended configurations, used default rulesets, and evaluated the same malicious traffic. In this analysis, both NIDS performed very similar in their resource utilization, but when analyzing the malicious traffic, Suricata detected more attacks than Snort 3 using their standard rulesets.


NIDS, Snort, Suricata, performance, rules, comparison