Title

Active snort rules and the needs for computing resources: Computing resources needed to activate different numbers of snort rules

Authors

Chad A. Arney, Michigan Technological UniversityFollow
Xinli Wang, Michigan Technological University

Document Type

Presentation

Publication Date

10-1-2016

Abstract

This project was designed to discover the relationship between the number of enabled rules maintained by Snort and the amount of computing resources necessary to operate this intrusion detection system (IDS) as a sensor. A physical environment was set up to loosely simulate a network and an IDS sensor monitoring it.

The experiment was conducted in five trials. A different number of Snort rules was enabled in each trial and the corresponding utilization of computing resources was measured. Remarkable variation and a clear trend of CPU usage were observed in the experiment.

Publisher's Statement

© 2016 Copyright held by the owner/author(s). Published by ACM New York.

Publication Title

RIIT '16 Proceedings of the 5th Annual Conference on Research in Information Technology

Recommended Citation

Arney, C. A., & Wang, X. (2016). Active snort rules and the needs for computing resources: Computing resources needed to activate different numbers of snort rules. RIIT '16 Proceedings of the 5th Annual Conference on Research in Information Technology, 54-54. http://doi.org/10.1145/2978178.2978189
Retrieved from: https://digitalcommons.mtu.edu/technology-p/1

Version

Publisher's PDF