Design Project



Supervisor: Stephen Neville,

SN1 Functional and Performance Analysis of SNORT Intrusion Detection System

With the increase in visibility of computer security incidents, companies are moving towards protecting their computer networks with a variety of technologies. One such group of technologies is Intrusion Detection Systems (IDSs). These systems come in a variety of flavours and capabilities. One attack methodology is to overwhelm an IDS so that it begins to miss attacks; hence, the performance characteristics of an IDS can be a significant comparison point in deployment decisions. This project would analyze the performance and functional capabilities of the GNU project SNORT IDS. Operationally and scientifically valid performance evaluations of IDSs largely do not exist. The focus of this project would be the construction of a valid performance evaluation framework for the SNORT IDS (assumptions, testing metrics, testing process, instrumented code, background traffic generation, etc.) and the subsequent results of the performance evaluation. It is envisioned that the performance analysis would yield a strong understanding of the capabilities and limitations of this particular IDS, and that these observations would form the core of the functional analysis portion of the project.