JUCS - Journal of Universal Computer Science 17(11): 1605-1622, doi: 10.3217/jucs-017-11-1605
Performance Evaluation of Snort under Windows 7 and Windows Server 2008
expand article infoKhaled Salah, Mojeeb-Al-Rhman Al-Khiaty§, Rashad Ahmed§, Adnan Mahdi§
‡ Khalifa University of Science, Sharjah, United Arab Emirates§ King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia
Open Access
Snort is the most widely deployed network intrusion detection system (NIDS) worldwide, with millions of downloads to date. PC-based Snort typically runs on either Linux or Windows operating systems. In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two newly released operating systems of Windows 7 and Windows Server 2008. Snort's performance is measured when subjecting a PC host running Snort to both normal and malicious traffic. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and get a better insight into the behaviour of Snort, we also measure the packet loss encountered at the kernel level. In addition, we study the impact of running Snort under different system configurations which include CPU scheduling priority given to user applications or kernel services, uni and multiprocessor environment, and processor affinity.
network security, Snort, operating systems, Windows 7, Windows 2008, Experimental Performance Evaluation