Evaluation of Snort and Suricata for detection of network probes and denial of service attacks

Authors

Perdigón-Llanes, R.

DOI:

https://doi.org/10.51252/rcsi.v2i2.363

Keywords:

cybersecurity, pentest, performance, intrusion detection systems

Abstract

Intrusion detection systems are among the most widely used tools for identifying attacks or intrusions in data networks, with the aim of ensuring the confidentiality, availability and integrity of the information transmitted through them. Because integrating them into a company's cybersecurity scheme is complex, these solutions need to be evaluated objectively so that the tool best suited to the organization's requirements can be selected. The objective of this research is to quantitatively compare the performance of Snort and Suricata in detecting network probes and denial of service attacks. The htop tool was used to measure the performance of Snort and Suricata against network probes and denial of service attacks simulated with different Kali Linux applications. Snort was found to have lower CPU consumption than Suricata during signature-based intrusion detection; however, Suricata showed better effectiveness rates. The results contribute to decision making on the selection, deployment and implementation of intrusion detection systems in business data networks.
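
The abstract describes two measurements: the effectiveness rate of each engine (which simulated probes and denial of service attacks produced an alert) and its CPU cost as read from htop. The script below is an added example, not code from the paper, showing how such an evaluation can be scored from each engine's fast-format alert log and from CPU samples taken during the test window. All alert lines, rule ids, messages, attacker addresses and CPU readings are constructed for the example; the regular expression approximates the fast alert layout that Snort and Suricata both emit and is not taken from either project.

```python
"""Added example (not from the paper): score two IDS engines on detection
effectiveness and CPU cost. Every input here is constructed."""
import re
from statistics import mean

# Both engines write a "fast" alert line: timestamp, [**], [gid:sid:rev],
# message, [**], optional classification/priority, {proto} src -> dst.
# Snort 3 quotes the message; Suricata does not, so the quotes are optional.
ALERT_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+"?(?P<msg>.+?)"?\s+\[\*\*\]'
    r'.*\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$'
)

# Constructed alert lines. The 9000xxx rule ids and messages are
# placeholders, not real Snort or Suricata signatures.
SNORT_FAST_LOG = """\
07/20-10:15:32.101 [**] [1:9000001:1] "EXAMPLE SCAN nmap SYN probe" [**] [Priority: 2] {TCP} 192.0.2.10:44321 -> 192.0.2.20:80
07/20-10:15:33.418 [**] [1:9000001:1] "EXAMPLE SCAN nmap SYN probe" [**] [Priority: 2] {TCP} 192.0.2.10:44322 -> 192.0.2.20:443
07/20-10:16:05.020 [**] [1:9000003:1] "EXAMPLE DOS SYN flood" [**] [Priority: 1] {TCP} 192.0.2.11:5123 -> 192.0.2.20:80
"""
SURICATA_FAST_LOG = """\
07/20/2022-10:15:32.101 [**] [1:9000001:1] EXAMPLE SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44321 -> 192.0.2.20:80
07/20/2022-10:16:05.020 [**] [1:9000003:1] EXAMPLE DOS SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 1] {TCP} 192.0.2.11:5123 -> 192.0.2.20:80
07/20/2022-10:17:40.550 [**] [1:9000004:1] EXAMPLE DOS ICMP flood [**] [Classification: Attempted Denial of Service] [Priority: 1] {ICMP} 192.0.2.12 -> 192.0.2.20
"""

# Ground truth for the test run: which host simulated which attack class.
# Constructed; in a real evaluation this comes from the attack schedule.
SIMULATED_ATTACKS = [
    ("192.0.2.10", "SCAN"),  # port probe
    ("192.0.2.11", "DOS"),   # SYN flood
    ("192.0.2.12", "DOS"),   # ICMP flood
    ("192.0.2.13", "SCAN"),  # a second probe that neither engine flagged
]

# Constructed per-second CPU readings (percent) for each engine, as would
# be noted from htop or ps while the attacks were running.
CPU_SAMPLES = {
    "snort": [12.0, 14.5, 13.2, 15.8, 14.1, 13.4],
    "suricata": [21.4, 25.0, 23.7, 26.3, 24.8, 22.6],
}


def parse_alerts(text):
    """Return one dict per alert line that matches the fast format."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]


def detection_rate(alerts, attacks=SIMULATED_ATTACKS):
    """Fraction of simulated attacks for which at least one alert from the
    attacking host carries the attack class keyword in its message."""
    detected = sum(
        1 for src, category in attacks
        if any(a["src"] == src and category in a["msg"].upper() for a in alerts)
    )
    return detected / len(attacks)


def cpu_summary(samples):
    """Mean and peak CPU utilisation over the sampled test window."""
    return {"mean": round(mean(samples), 1), "peak": max(samples)}


def compare(logs, cpu=CPU_SAMPLES):
    """Build the per-engine report: alert count, effectiveness, CPU cost."""
    report = {}
    for engine, text in logs.items():
        alerts = parse_alerts(text)
        report[engine] = {
            "alerts": len(alerts),
            "detection_rate": round(detection_rate(alerts), 2),
            **cpu_summary(cpu[engine]),
        }
    return report


if __name__ == "__main__":
    logs = {"snort": SNORT_FAST_LOG, "suricata": SURICATA_FAST_LOG}
    for engine, r in compare(logs).items():
        print(f"{engine:9} alerts={r['alerts']} detection={r['detection_rate']:.0%} "
              f"cpu mean={r['mean']}% peak={r['peak']}%")
```

Matching alerts to ground truth by attacking host and attack class, rather than by alert count, keeps a noisy engine that fires twice on one probe from scoring higher than one that fires once on every attack; with the constructed inputs the report shows the same shape of result the abstract reports, lower CPU for one engine and a higher effectiveness rate for the other.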

Published

2022-07-20

How to Cite

Perdigón-Llanes, R. (2022). Evaluation of Snort and Suricata for detection of network probes and denial of service attacks. Revista Científica De Sistemas E Informática, 2(2), e363. https://doi.org/10.51252/rcsi.v2i2.363