Quality of Service (QoS) Comparison Analysis of Snort IDS and Bro IDS Application in Software Define Network (SDN) Architecture
Title | Quality of Service (QoS) Comparison Analysis of Snort IDS and Bro IDS Application in Software Define Network (SDN) Architecture |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Hendrawan, H., Sukarno, P., Nugroho, M. A. |
Conference Name | 2019 7th International Conference on Information and Communication Technology (ICoICT) |
Keywords | anomaly based detection method, Bro, bro IDS application, composability, computer network security, CPU usage, delays, existing network traffic, IDS, intrusion detection system, memory usage, network activity, network quality, Packet loss, packet loss parameters, pubcrawl, QoS, QoS measurement, quality of service, resilience, Resiliency, SDN, SDN architecture, service comparison analysis, signature based detection method, Snort, Snort IDS, software define network architecture, software defined networking, telecommunication traffic, Testing, Throughput, Tools |
Abstract | Intrusion Detection system (IDS) was an application which was aimed to monitor network activity or system and it could find if there was a dangerous operation. Implementation of IDS on Software Define Network architecture (SDN) has drawbacks. IDS on SDN architecture might decreasing network Quality of Service (QoS). So the network could not provide services to the existing network traffic. Throughput, delay and packet loss were important parameters of QoS measurement. Snort IDS and bro IDS were tools in the application of IDS on the network. Both had differences, one of which was found in the detection method. Snort IDS used a signature based detection method while bro IDS used an anomaly based detection method. The difference between them had effects in handling the network traffic through it. In this research, we compared both tools. This comparison are done with testing parameters such as throughput, delay, packet loss, CPU usage, and memory usage. From this test, it was found that bro outperform snort IDS for throughput, delay , and packet loss parameters. However, CPU usage and memory usage on bro requires higher resource than snort. |
DOI | 10.1109/ICoICT.2019.8835211 |
Citation Key | hendrawan_quality_2019 |
- Snort
- QoS measurement
- quality of service
- resilience
- Resiliency
- SDN
- SDN architecture
- service comparison analysis
- signature based detection method
- QoS
- Snort IDS
- software define network architecture
- software defined networking
- telecommunication traffic
- testing
- Throughput
- tools
- pubcrawl
- packet loss parameters
- Packet loss
- network quality
- network activity
- memory usage
- intrusion detection system
- IDS
- existing network traffic
- delays
- CPU usage
- computer network security
- composability
- bro IDS application
- Bro
- anomaly based detection method