JUCS - Journal of Universal Computer Science 17(11): 1605-1622, doi: 10.3217/jucs-017-11-1605
Performance Evaluation of Snort under Windows 7 and Windows Server 2008
Khaled Salah‡, Mojeeb-Al-Rhman Al-Khiaty§, Rashad Ahmed§, Adnan Mahdi§‡ Khalifa University of Science, Sharjah, United Arab Emirates§ King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia
Corresponding author: Khaled Salah ( khaled.salah@kustar.ac.ae ) © Khaled Salah, Mojeeb-Al-Rhman Al-Khiaty, Rashad Ahmed, Adnan Mahdi. This article is freely available under the J.UCS Open Content License. Citation:
Salah K, Al-Khiaty M-A, Ahmed R, Mahdi A (2011) Performance Evaluation of Snort under Windows 7 and Windows Server 2008. JUCS - Journal of Universal Computer Science 17(11): 1605-1622. https://doi.org/10.3217/jucs-017-11-1605 |  |
Abstract
Snort is the most widely deployed network intrusion detection system (NIDS) worldwide, with millions of downloads to date. PC-based Snort typically runs on either Linux or Windows operating systems. In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two newly released operating systems of Windows 7 and Windows Server 2008. Snort's performance is measured when subjecting a PC host running Snort to both normal and malicious traffic. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and get a better insight into the behaviour of Snort, we also measure the packet loss encountered at the kernel level. In addition, we study the impact of running Snort under different system configurations which include CPU scheduling priority given to user applications or kernel services, uni and multiprocessor environment, and processor affinity.
Keywords
network security, Snort, operating systems, Windows 7, Windows 2008, Experimental Performance Evaluation