COMPARITIVE ANALYSIS OF OPEN-SOURCE INTRUSION DETECTION SYSTEMS AND SUGGESTED ENHANCEMENT

Authors

  • Muhammad Zubaid Khalil
  • Dr Ammar Masood, Air University, Islamabad

Keywords:

IDPS; NSM; HIDS; NIDS; FPR; FNR

Abstract

Internet technology has made significant changes in our lives. With the passage of time, the internet has become more advanced with the inclusion of numerous efficient and user-friendly services, along with a corresponding increase in the underlying bandwidth. Securing the ever-growing data network is becoming important to ensure that user security and privacy concerns are effectively mitigated. In this regard, Intrusion Detection Systems (IDS) are widely used for network monitoring and response to overcome network security issues. IDS performance is highly impacted by factors such as the volume of network traffic, the number of traffic flows, the packet capturing and packet matching techniques employed by the IDS, and the throughput of the network in which the IDS is deployed. In this research, we are mainly concerned with the open-source IDSs Suricata, Snort, and Zeek, along with their security testing and comparative performance analysis. We analyzed various factors, including packet drop rate, usage of system resources, detection accuracy, and packet processing, which can limit the applicability of any IDS solution in an organization's network. Moreover, we also carried out a wide-ranging performance and security analysis across different configurations, flows, and attacks to review the security and performance impact on the tested solutions. Through our research, we concluded that the reviewed IDSs are not optimally configured by default and that performance improvements can be achieved through better configurations. Thus, our work is expected to be very beneficial to IDS developers and network administrators, as it will help them in selecting optimal configurations for enhanced security.

Author Biographies

Muhammad Zubaid Khalil

Department of IAA
Air University
Islamabad

Dr Ammar Masood, Air University, Islamabad

Department of IAA
Air University
Islamabad

Published

2022-05-24

How to Cite

Zubaid Khalil, M., & Masood, D. A. (2022). COMPARITIVE ANALYSIS OF OPEN-SOURCE INTRUSION DETECTION SYSTEMS AND SUGGESTED ENHANCEMENT. AUJoGR: Air University Journal of Graduate Research, 1(2), 27-35. Retrieved from https://journals.au.edu.pk/ojsgraduatestudies/index.php/ojs1/article/view/13