CR | May 29, 2018

Performance Evaluation in High-Speed Networks by the Example of Intrusion Detection

arXiv:1805.11407v1 | 4 citations | Has Code
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for clear performance evaluation procedures for network devices, specifically for researchers and practitioners in high-speed network security, but it appears incremental as it documents an existing approach without major innovations.

The paper tackled the problem of evaluating intrusion detection systems in high-throughput networks by testing Snort and Suricata in a realistic hardware setup, focusing on accuracy dependent on bandwidth, but did not report specific numerical results.

Purchase decisions for devices in high-throughput networks as well as scientific evaluations of algorithms and technologies need to be based on measurements and clear procedures. Therefore, evaluation of network devices and their performance in high-throughput networks is an important part of research. In this paper, we document our approach and show its applicability for our purpose in an evaluation of two of the most well-known and common open source intrusion detection systems, Snort and Suricata. We used a hardware network testing setup to ensure a realistic environment and documented our testing approach. In our work, we focus on accuracy of the detection especially dependent on bandwidth. We would like to pass on our experiences and considerations.
