Performance evaluation of snort under windows 7 and windows server 2008

Khaled Salah; Mojeeb Al Rhman Al-Khiaty; Rashad Ahmed; Adnan Mahdi

Performance evaluation of snort under windows 7 and windows server 2008

Khaled Salah, Mojeeb Al Rhman Al-Khiaty, Rashad Ahmed, Adnan Mahdi

Computer & Communication Engineering

King Fahd University for Petroleum and Minerals (KFUPM)

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

Snort is the most widely deployed network intrusion detection system (NIDS) worldwide, with millions of downloads to date. PC-based Snort typically runs on either Linux or Windows operating systems. In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two newly released operating systems of Windows 7 and Windows Server 2008. Snort's performance is measured when subjecting a PC host running Snort to both normal and malicious traffic. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and get a better insight into the behaviour of Snort, we also measure the packet loss encountered at the kernel level. In addition, we study the impact of running Snort under different system configurations which include CPU scheduling priority given to user applications or kernel services, uni and multiprocessor environment, and processor affinity.

Original language	British English
Pages (from-to)	1605-1622
Number of pages	18
Journal	Journal of Universal Computer Science
Volume	17
Issue number	11
State	Published - 2011

Keywords

Experimental performance evaluation
Network security
Operating systems
Snort
Windows 2008
Windows 7

Cite this

@article{a4ddc3a9bfe74c2d98146a2d2419c55d,

title = "Performance evaluation of snort under windows 7 and windows server 2008",

abstract = "Snort is the most widely deployed network intrusion detection system (NIDS) worldwide, with millions of downloads to date. PC-based Snort typically runs on either Linux or Windows operating systems. In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two newly released operating systems of Windows 7 and Windows Server 2008. Snort's performance is measured when subjecting a PC host running Snort to both normal and malicious traffic. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and get a better insight into the behaviour of Snort, we also measure the packet loss encountered at the kernel level. In addition, we study the impact of running Snort under different system configurations which include CPU scheduling priority given to user applications or kernel services, uni and multiprocessor environment, and processor affinity.",

keywords = "Experimental performance evaluation, Network security, Operating systems, Snort, Windows 2008, Windows 7",

author = "Khaled Salah and Al-Khiaty, {Mojeeb Al Rhman} and Rashad Ahmed and Adnan Mahdi",

year = "2011",

language = "British English",

volume = "17",

pages = "1605--1622",

journal = "Journal of Universal Computer Science",

issn = "0958-695X",

publisher = "Technische Universitat Graz from Austria",

number = "11",

}

TY - JOUR

T1 - Performance evaluation of snort under windows 7 and windows server 2008

AU - Salah, Khaled

AU - Al-Khiaty, Mojeeb Al Rhman

AU - Ahmed, Rashad

AU - Mahdi, Adnan

PY - 2011

Y1 - 2011

N2 - Snort is the most widely deployed network intrusion detection system (NIDS) worldwide, with millions of downloads to date. PC-based Snort typically runs on either Linux or Windows operating systems. In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two newly released operating systems of Windows 7 and Windows Server 2008. Snort's performance is measured when subjecting a PC host running Snort to both normal and malicious traffic. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and get a better insight into the behaviour of Snort, we also measure the packet loss encountered at the kernel level. In addition, we study the impact of running Snort under different system configurations which include CPU scheduling priority given to user applications or kernel services, uni and multiprocessor environment, and processor affinity.

AB - Snort is the most widely deployed network intrusion detection system (NIDS) worldwide, with millions of downloads to date. PC-based Snort typically runs on either Linux or Windows operating systems. In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two newly released operating systems of Windows 7 and Windows Server 2008. Snort's performance is measured when subjecting a PC host running Snort to both normal and malicious traffic. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and get a better insight into the behaviour of Snort, we also measure the packet loss encountered at the kernel level. In addition, we study the impact of running Snort under different system configurations which include CPU scheduling priority given to user applications or kernel services, uni and multiprocessor environment, and processor affinity.

KW - Experimental performance evaluation

KW - Network security

KW - Operating systems

KW - Snort

KW - Windows 2008

KW - Windows 7

UR - http://www.scopus.com/inward/record.url?scp=80052917742&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:80052917742

SN - 0958-695X

VL - 17

SP - 1605

EP - 1622

JO - Journal of Universal Computer Science

JF - Journal of Universal Computer Science

IS - 11

ER -

Performance evaluation of snort under windows 7 and windows server 2008

Abstract

Keywords

Other files and links

Fingerprint

Cite this