Performance Analysis and Comparison of Snort on Various Platforms

Snort has emerged as a reliable technology for identifying malicious activities in networks. In this paper, a systematic approach has been followed to estimate the performance offered by Snort, an open-source network intrusion detection and prevention system on different platforms. Extensive experiments are conducted on Windows Server 2016, Ubuntu Server 16.04 and Virtual Windows Server 2016 to identify the characteristics of the network traffic that affects Snort’s performance. The study establishes the incapacity of Snort to cope up with the large packet sizes and high-speed traffic. It is also found that Snort has tendency to drop packets on all the Servers for normal as well as malicious traffic but shows better performs on Ubuntu Server for both high-speed traffic and different packet sizes. The study experimentally exhibits poor performance of Snort on Virtual Windows Server.