Overhead Evaluation in Real-Time Network Intrusion Detection System Using Snort

Abstract

The growing number of Internet threats has increased the need to apply defense-in-depth concepts to protect the information held on computer systems worldwide. Snort is a lightweight Network Intrusion Detection System (NIDS) that is widely used in network security. However, to ensure that such an implementation is likely to be successful, the system must be tested so that decision makers have the assurance they need to reduce risk. Typically, a NIDS residing on the edge of a network performs deep packet inspection on every packet that enters the protected domain. A real-time NIDS obviously places some additional overhead on the network traffic path. The question is how much overhead a real-time NIDS introduces into the network traffic. A simulation methodology was used to implement some experiments designed to evaluate the effect of Snort, measured by the end-to-end delay time introduced by the engine. These experiments proved that no noticeable effect is introduced to the network traffic.