PERFORMANCE AND ATTACK DETECTION ANALYSIS OF INTRUSION DETECTION AND PREVENTION SYSTEMS

V magistrskem delu so predstavljeni sistemi za zaznavanje in preprečevanje vdorov, njihova vloga pri zagotavljanju omrežne varnosti in spremljanju aktivnosti v omrežju. Opisane so najpogostejše delitve tovrstnih sistemov in glavne metode zaznavanja. V okviru magistrske naloge sta bila izvedena dva eksperimenta, ki sta proučevala vpliv dveh odprtokodnih rešitev Snort in Suricata, operacijskih sistemov Windows in Linux ter izvajanja različnih napadov na porabo sistemskih virov, odstotek zavrženih paketov in sposobnost zaznavanja napadov. Rezultati so na obeh platformah pokazali večjo obremenitev procesorja in pomnilnika Suricate pri vseh simuliranih napadih, vendar manjši odstotek zavrženih omrežnih paketov pri petih od šestih napadov v primerjavi z rešitvijo Snort. Primerjava sposobnosti zaznavanja vdorov ni pokazala razlik v številu zaznanih napadov obeh rešitev.This master thesis describes intrusion detection and prevention systems, how they are used to increase network security and monitor network traffic. The dissertation includes most common classifications of intrusion detection and prevention systems with main detection methodologies. Two experiments were run to evaluate the effects of open source intrusion detection and prevention systems Snort and Suricata, operating systems Windows, Linux and various attack types on system resource usage, dropped packets rate and ability to detect intrusions. The results showed that Suricata had higher CPU and RAM utilization than Snort in all cases on both operating systems but lower percentage of dropped packets when evaluated under five of six simulated attacks. Both products had the same number of correctly identified intrusions