
A Comparative study of Open Source IDSs according to their Ability to Detect Attacks

Published: 27 March 2019

Abstract

In this paper, we focus on the important role of intrusion detection systems in detecting unauthorized actions initiated from both internal and external networks by collecting and monitoring network traffic. We present a study of the open source next-generation IDSs (SNORT, SURICATA, BRO). We test and compare their ability to detect attacks, and their performance, by deploying each of the three IDSs individually.


Published In

NISS '19: Proceedings of the 2nd International Conference on Networking, Information Systems & Security
March 2019
512 pages
ISBN:9781450366458
DOI:10.1145/3320326

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Attacks
  2. BRO
  3. Intrusion Detection Systems
  4. Malware
  5. Network Security
  6. SNORT
  7. SURICATA

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

NISS19
