Analysis of Various Intrusion Detection Systems with a Model for Improving Snort Performance

  • Gaddam R
  • et al.

Abstract

Objectives: To assess various Intrusion Detection Systems (IDS) against various types of attacks in different environments such as Web, Enterprise, Cloud, etc., and to propose an architecture for improving the performance of Snort-based IDS during typical attacks. Methods: An analytical approach was used to survey various research papers in this field. Findings: In this research, various IDS approaches were analysed with respect to Detection Accuracy, False Alarm Rate, Scalability and the capability of detecting unknown attacks. Some approaches focused on a particular type of issue while ignoring the others. This led to performance degradation in several cases, which is not tolerable in real-time scenarios. Improvements: Among the various approaches studied, we chose Snort-based IDS and set out to improve its performance for deployment in enterprise networks. Being Open Source Software, Snort gives the flexibility to improve its functionality. We propose an architecture to improve Snort's detection rate and to reduce packet drops during critical attacks such as Port Scanning, DoS, DDoS attacks, etc.

Cite

Gaddam, R. T., & Nandhini, M. (2017). Analysis of Various Intrusion Detection Systems with a Model for Improving Snort Performance. Indian Journal of Science and Technology, 10(20), 1–12. https://doi.org/10.17485/ijst/2017/v10i20/108940
