This project was designed to discover the relationship between the number of enabled rules maintained by Snort and the amount of computing resources necessary to operate this intrusion detection system (IDS) as a sensor. A physical environment was set up to loosely simulate a network and an IDS sensor monitoring it.
The experiment was conducted in five trials. A different number of Snort rules was enabled in each trial and the corresponding utilization of computing resources was measured. Remarkable variation and a clear trend of CPU usage were observed in the experiment.
RIIT '16 Proceedings of the 5th Annual Conference on Research in Information Technology
Arney, Chad A. and Wang, Xinli, "Active snort rules and the needs for computing resources: Computing resources needed to activate different numbers of snort rules" (2016). School of Technology Publications. 1.