Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor
by Lambert Schaelicke, Matthew R. Geiger and Curt J. Freeland - Department of Computer Science and Engineering University of Notre Dame - Friday, 5 December 2003.
Network intrusion detection systems have become one of several invaluable tools to safeguard critical infrastructure and information. Publicly available network intrusion detection systems (NIDS) such as Snort and Bro as well as a large number of commercial systems complement other security mechanisms by passively monitoring a network link for possible intrusions and other security breaches. Alerts about possible violations are forwarded to security personal and are often also stored in databases for further analysis and correlation.

The performance of a NIDS can be described by its ability to detect true attacks in the stream of network traffic it observes. In addition to the sophistication of the intrusion detection algorithm employed, processing speed is a key consideration for the overall performance. If the NIDS is unable to process network traffic at the rate it arrives, packets are dropped and valuable information may be lost. Significant packet loss negatively affects the overall NIDS effectiveness.

The performance requirements of the popular Snort NIDS has been studied before. However, in addition to the performance of the NIDS sensor itself, the database that receives and stores alerts can play a role in determining overall performance. On a system under attack, the NIDS sensor can potentially generate a large number of alerts over a short period of time. If the database server is unable to absorb alerts at the offered rate, important alert data is lost and the entire intrusion detection system is rendered inefficient. This problem is compounded if multiple NIDS sensors report to the same database system.

Download the paper in PDF format here.

Spotlight

Email scammers stole $215M from businesses in 14 months

Posted on 29 January 2015.  |  In 14 months there have been nearly 1200 US and a little over 900 non-US victims of BEC scams, and the total money loss reached nearly $215 million.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Jan 30th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //