Performance Analysis of Intrusion Detection Systems
Abstract
Network security is becoming an important issue for all organizations. As the
knowledge of hackers and intruders has increased, they have made many successful attempts
to bring down high-profile company networks and web services. With the recent
advances in the field of network security, a technique called the Intrusion Detection System
has been developed to further secure the network. It is a way to protect the internal
network from outside attack and to take appropriate action if
needed. Using intrusion detection methods, information collected from known
types of attack can be used to detect whether someone is trying to attack the network.
Both open source and commercial tools are available for detecting intrusion in a network,
and many vulnerability assessment tools are also available in the market. There are many
techniques for detecting intrusion in a network, such as signature matching, anomaly-based
detection and others.
The work presented here discusses one of the techniques of signature matching in the
open source intrusion detection system Snort. Another open source intrusion detection
system, Bro, is also discussed. The main emphasis will be to explore and analyze Snort,
and then a performance analysis of both systems will be done based upon CPU utilization
and memory constraints. We will capture live traffic using Wireshark, and then
offline analysis of this captured data will be done in both tools. During the Snort
exploration, live traffic will also be analyzed.
Description
M.E. (Software Engineering)
