Abstract

Given competing claims, an objective head-to-head comparison of the performance of both the Snort R and Suricata Intrusion Detection Systems is needed. In this paper, we present a comprehensive quantitative comparison of the two systems. We have developed a rigorous testing framework that examines the performance of both systems as we scale system resources. Our results show that a single instance of Suricata is able to deliver substantially higher performance than a corresponding single instance of Snort. This paper describes in detail both the testing framework capabilities, tests performed and results found.