Performance Analysis of IDS Snort and IDS Suricata with Many-Core Processor in Virtual Machines Against Dos/DDoS Attacks

Title: Performance Analysis of IDS Snort and IDS Suricata with Many-Core Processor in Virtual Machines Against Dos/DDoS Attacks
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Fadhilah, D., Marzuki, M. I.
Conference Name: 2020 2nd International Conference on Broadband Communications, Wireless Sensors and Powering (BCWSP)
Keywords: Central Processing Unit, composability, computer network security, DDoS, DDoS Attacks, denial-of-service attack, DoS, IDS, IDS Snort version, IDS Suricata, intrusion detection system, IP networks, many-core processor, microprocessor chips, multiprocessing systems, operating systems (computers), Performance analysis, physical machine, pubcrawl, resilience, Resiliency, Snort, Suricata, TCP Flood attack test, telecommunication traffic, Telecommunications, Testing, transport protocols, virtual machine, virtual machines, Virtual machining, Wireless communication, Wireless sensor networks
Abstract: The rapid development of technology makes it possible for a physical machine to be converted into a virtual machine, which can run multiple operating systems simultaneously, each connected to the internet. DoS/DDoS attacks are cyber-attacks that threaten the telecommunications sector because they disrupt services and make them difficult to access. Several software tools exist for monitoring abnormal activity on the network, such as IDS Snort and IDS Suricata. Previous studies found IDS Suricata superior to IDS Snort version 2 because IDS Suricata already supports multi-threading, while IDS Snort version 2 only supports single-threading. This paper tests IDS Snort version 3.0, which now supports multi-threading, against IDS Suricata. The research was carried out on a virtual machine with 1-core, 2-core, and 4-core processor settings, measuring CPU usage, memory usage, and captured attack packets for IDS Snort version 3.0 and IDS Suricata. The attack scenario is divided into 2 parts: a DoS attack scenario using 1 physical computer, and a DDoS attack scenario using 5 physical computers. Based on overall testing, the results are: in general, IDS Snort version 3.0 is better than IDS Suricata. This is based on the results when using a maximum of 4 processor cores, in which IDS Snort version 3.0 CPU usage is stable at 55% - 58%, with a maximum memory of 3,000 MB, and it can detect DoS attacks with 27,034,751 packets and DDoS attacks with 36,919,395 packets. Meanwhile, different results were obtained by IDS Suricata, whose CPU usage is better than IDS Snort version 3.0 at only 10% - 40%, with a maximum memory of 1,800 MB. However, its detection capability is smaller: 3,671,305 packets for DoS attacks, and a total of 7,619,317 packets for DDoS attacks in the TCP Flood attack test.
Citation Key: fadhilah_performance_2020