Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Context. Intrusion detection systems are widely used across many industries to detect malicious traffic, and they rely on a variety of technologies. Each IDS has a different architecture and is deployed to detect malicious activity, and each applies its own set of rules, which can be defined according to requirements. Choosing the right intrusion detection system for a given environment is therefore not an easy task.
Objectives. The goal of this research is to evaluate the three most used open source intrusion detection systems in terms of performance. We also give details about the different types of attacks that can be detected using an intrusion detection system. The tools we selected are Snort, Suricata and OSSEC.
Methods. The experiment is conducted using TCP, SCAN, ICMP and FTP attacks. Each experiment was run at different traffic rates, under both normal and malicious traffic, with all rules active. All tests were conducted in a virtual environment.
Results. The performance of an IDS is measured by its CPU usage, memory usage, packet loss and the number of alerts generated. These results are calculated for both normal and malicious traffic.
Conclusions. We conclude that results vary between the IDS for different traffic rates. In particular, Snort showed better performance in alert identification, and OSSEC showed better performance of the IDS itself (CPU usage, memory usage and packet loss). The results also indicate that the number of alerts is low when traffic rates are high, which is attributed to packet loss. Overall, OSSEC provides better performance, and Snort provides better performance and accuracy for alert detection.
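The evaluation described under Results and Conclusions above, as an added Python example that is not part of the thesis: it takes per-run measurements (constructed sample values, not the thesis's data; the Run fields and the function names are assumptions) and computes packet loss, per-IDS means and whether a drop in alerts at a higher traffic rate coincides with rising packet loss.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Run:
    ids: str        # "Snort", "Suricata" or "OSSEC"
    traffic: str    # "normal" or the attack replayed: "TCP", "SCAN", "ICMP", "FTP"
    rate_mbps: int  # offered traffic rate
    sent: int       # packets offered to the sensor
    received: int   # packets the sensor actually inspected
    alerts: int     # alerts raised during the run
    cpu_pct: float  # mean CPU usage of the IDS process
    mem_mb: float   # mean resident memory of the IDS process

def packet_loss_pct(run: Run) -> float:
    """Share of offered packets the sensor never inspected."""
    if run.sent <= 0:
        raise ValueError("a run must offer at least one packet")
    return 100.0 * (run.sent - run.received) / run.sent

def summarize(runs, traffic=None):
    """Per-IDS mean CPU, mean memory, mean packet loss and total alerts (traffic=None keeps every run)."""
    out = {}
    for ids in sorted({r.ids for r in runs}):
        sel = [r for r in runs if r.ids == ids and traffic in (None, r.traffic)]
        if sel:
            out[ids] = {"cpu": mean(r.cpu_pct for r in sel), "mem": mean(r.mem_mb for r in sel),
                        "loss": mean(packet_loss_pct(r) for r in sel), "alerts": sum(r.alerts for r in sel)}
    return out

def alert_drop_explained_by_loss(runs, ids, traffic) -> bool:
    """True when, from the slowest to the fastest run of one attack, alerts fell while packet loss rose."""
    sel = sorted((r for r in runs if r.ids == ids and r.traffic == traffic), key=lambda r: r.rate_mbps)
    if len(sel) < 2:
        raise ValueError("need runs at two or more traffic rates")
    low, high = sel[0], sel[-1]
    # A drop in alerts only counts as a capacity effect if the sensor also missed more packets.
    return high.alerts < low.alerts and packet_loss_pct(high) > packet_loss_pct(low)

# Constructed sample measurements (not the thesis's data): one attack at two rates, plus one normal run.
RUNS = [
    Run("Snort", "SCAN", 100, 100_000, 100_000, 1200, 35.0, 300.0),
    Run("Snort", "SCAN", 500, 500_000, 450_000, 900, 80.0, 420.0),
    Run("Suricata", "SCAN", 100, 100_000, 99_000, 1100, 45.0, 600.0),
    Run("Suricata", "SCAN", 500, 500_000, 400_000, 700, 90.0, 800.0),
    Run("OSSEC", "SCAN", 100, 100_000, 100_000, 800, 10.0, 120.0),
    Run("OSSEC", "SCAN", 500, 500_000, 500_000, 750, 20.0, 150.0),
    Run("Snort", "normal", 500, 500_000, 470_000, 3, 70.0, 400.0),
]
```

In the constructed data, OSSEC's alert count also falls at the higher rate but without any packet loss, so that drop is not attributed to loss.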
2017, p. 57
Presentation: 2017-05-31, 13:00, Blekinge Tekniska Högskola, 371 79 Karlskrona, 19:18 (English)