Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Evaluation of Intrusion Detection Systems under Denial of Service Attack in virtual  Environment
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2017 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Context. The intrusion detection systems are being widely used for detecting the malicious

traffic in many industries and they use a variety of technologies. Each IDs had different

architecture and are deployed for detecting malicious activity. Intrusion detection system has

a different set of rules which can defined based on requirement. Therefore, choosing intrusion

detection system for and the appropriate environment is not an easy task.

Objectives. The goal of this research is to evaluate three most used open source intrusion

detection systems in terms of performance. And we give details about different types of attacks

that can be detected using intrusion detection system. The tools that we select are Snort,

Suricata, OSSEC.

Methods. The experiment is conducted using TCP, SCAN, ICMP, FTP attack. Each

experiment was run in different traffic rates under normal and malicious traffics all rule are

active. All these tests are conducted in a virtual environment.

Results. We can calculate the performance of IDS by using CPU usage, memory usage, packet

loss and a number of alerts generated. These results are calculated for both normal and

malicious traffic.

Conclusions. We conclude that results vary in different IDS for different traffic rates.

Specially snort showed better performance in alerts identification and OSSEC in the

performance of IDS. These results indicated that alerts are low when the traffic rates high are

which indicates this is due to the packet loss. Overall OSSEC provides better performance.

And Snort provides better performance and accuracy for alert detection.

Place, publisher, year, edition, pages
2017. , p. 57
Keywords [en]
snort, suricata, ossec, intrusion detection system
National Category
Computer Engineering Computer Sciences
Identifiers
URN: urn:nbn:se:bth-15796OAI: oai:DiVA.org:bth-15796DiVA, id: diva2:1176622
Subject / course
DV2572 Master´s Thesis in Computer Science
Educational program
Civil Engineer in software Engineering
Presentation
2017-05-31, 13:00, Blekinge Tekniska Högskola, 371 79 Karlskrona, karlskrona, 19:18 (English)
Examiners
Available from: 2018-01-24 Created: 2018-01-22 Last updated: 2018-01-24Bibliographically approved

Open Access in DiVA

fulltext(845 kB)4107 downloads
File information
File name FULLTEXT02.pdfFile size 845 kBChecksum SHA-512
194f28ddd4f18a906c252d65fdfa9c2bc59ce61c512d4e983291b4eee9a5943b82fec40440fab4645ea58862b65201a82fb3ba2b069936acbe50b31109afb8ca
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
nagadevara, venkatesh
By organisation
Department of Computer Science and Engineering
Computer EngineeringComputer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 4107 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 563 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf