Document Type


Publication Date



This project was designed to discover the relationship between the number of enabled rules maintained by Snort and the amount of computing resources necessary to operate this intrusion detection system (IDS) as a sensor. A physical environment was set up to loosely simulate a network and an IDS sensor monitoring it.

The experiment was conducted in five trials. A different number of Snort rules was enabled in each trial and the corresponding utilization of computing resources was measured. Remarkable variation and a clear trend of CPU usage were observed in the experiment.

Publisher's Statement

© 2016 Copyright held by the owner/author(s). Published by ACM New York.

Publication Title

RIIT '16 Proceedings of the 5th Annual Conference on Research in Information Technology


Publisher's PDF