Visible to the public Quality of Service (QoS) Comparison Analysis of Snort IDS and Bro IDS Application in Software Define Network (SDN) Architecture

TitleQuality of Service (QoS) Comparison Analysis of Snort IDS and Bro IDS Application in Software Define Network (SDN) Architecture
Publication TypeConference Paper
Year of Publication2019
AuthorsHendrawan, H., Sukarno, P., Nugroho, M. A.
Conference Name2019 7th International Conference on Information and Communication Technology (ICoICT)
Keywordsanomaly based detection method, Bro, bro IDS application, composability, computer network security, CPU usage, delays, existing network traffic, IDS, intrusion detection system, memory usage, network activity, network quality, Packet loss, packet loss parameters, pubcrawl, QoS, QoS measurement, quality of service, resilience, Resiliency, SDN, SDN architecture, service comparison analysis, signature based detection method, Snort, Snort IDS, software define network architecture, software defined networking, telecommunication traffic, Testing, Throughput, Tools
Abstract

Intrusion Detection system (IDS) was an application which was aimed to monitor network activity or system and it could find if there was a dangerous operation. Implementation of IDS on Software Define Network architecture (SDN) has drawbacks. IDS on SDN architecture might decreasing network Quality of Service (QoS). So the network could not provide services to the existing network traffic. Throughput, delay and packet loss were important parameters of QoS measurement. Snort IDS and bro IDS were tools in the application of IDS on the network. Both had differences, one of which was found in the detection method. Snort IDS used a signature based detection method while bro IDS used an anomaly based detection method. The difference between them had effects in handling the network traffic through it. In this research, we compared both tools. This comparison are done with testing parameters such as throughput, delay, packet loss, CPU usage, and memory usage. From this test, it was found that bro outperform snort IDS for throughput, delay , and packet loss parameters. However, CPU usage and memory usage on bro requires higher resource than snort.

DOI10.1109/ICoICT.2019.8835211
Citation Keyhendrawan_quality_2019