Analysis of Intrusion Detection System Performance for PSAD, Portsentry and Suricata
Tati Ernawati, Mochamad Fachmi Fachrozi, Diana Dwi Syaputri
Politeknik TEDC Bandung
Abstract
The security and confidentiality of data and information are a very important problem that requires awareness of the issue. A system is required that is capable of detecting adverse events caused by an intruder on a network. The purpose of this study is to analyze the performance of three IDSs (PSAD, Portsentry and Suricata). The research results can be used as recommendations for users, especially network administrators, when selecting IDS software. The research methodology used is the Network Development Life Cycle (NDLC). The system is designed through several stages (system requirements analysis, system/software installation, configuration, and attack testing of the software). The system detects and monitors the number of suspicious activities that occur on the server (using a cloud service) or computer network. In the event of a threat, the system issues a warning and keeps records for analysis. The IDS performance tests are differentiated by three types of attack (port scanning, DDoS SYN flood and brute force attack); the parameters tested include speed of detection, detection accuracy and resource usage. Test results showed that Suricata and PSAD are superior in detection accuracy (100%). Suricata showed better performance in resource usage (average 1.64% CPU, 8.42% disk); Portsentry is superior only in RAM usage (26.89%). PSAD was better in speed of detection (average 4.21 s). The results conclude that Suricata and PSAD have better performance for use as a network IDS.
Keywords: IDS, PSAD, Portsentry, Suricata, NDLC
Topic: Informatic and Information System