Publication: Evaluation studies of three intrusion detection systems under various attacks and rule sets
Issued Date
2013-12-01
ISSN
21593450
21593442
Other identifier(s)
2-s2.0-84894355725
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
IEEE Region 10 Annual International Conference, Proceedings/TENCON. (2013)
Suggested Citation
Kittikhun Thongkanchorn, Sudsanguan Ngamsuriyaroj, Vasaka Visoottiviseth. Evaluation studies of three intrusion detection systems under various attacks and rule sets. IEEE Region 10 Annual International Conference, Proceedings/TENCON. (2013). doi:10.1109/TENCON.2013.6718975. Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/31591
Title
Evaluation studies of three intrusion detection systems under various attacks and rule sets
Abstract
This paper investigates the performance and the detection accuracy of three popular open-source intrusion detection systems: Snort, Suricata and Bro. We evaluate all systems using various attack types including DoS attack, DNS attack, FTP attack, Scan port attack, and SNMP attack. The experiments were run under different traffic rates and different sets of active rules. The performance metrics used are the CPU utilization, the number of packets lost, and the number of alerts. The results illustrated that each attack type had significant effects on the IDS performance. But, Bro showed better performance than other IDS systems when evaluated under different attack types and using a specific set of rules. The results also indicated the drop of the accuracy when the three IDS tools activate the full rule set. © 2013 IEEE.