Towards Analysis of the Performance of IDSs in Software-Defined Networks

As a promising technique for the design of 5G wireless networks, software-defined networks (SDNs) have been proposed. However, SDNs are vulnerable to most of the attacks that traditional networks are vulnerable to. Various techniques have been developed and designed to help in the detection as well as the prevention of various attacks. An intrusion detection system (IDS) is one of the common techniques used to detect malicious activity in a network. Intrusion detection systems have strengths and weaknesses when it comes to detecting intrusions. It becomes a challenging task for IDS to process any mixture of traffic that results in packet drop and delay. In this study, we scrutinized two open-source IDS, including Snort IDS and Zeek IDS, to assess the IDS performance in terms of various parameters such as detection rate, dropping rate, and latency. The method of detection was one of the main differences between Snort and Zeek. Zeek IDS uses an anomaly-based detection method as opposed to Snort IDS, which uses a signature-based detection method. Differences between them had an impact on the way network traffic was handled. Such a thought analysis is expected to be of great value in selection and further enhancement of IDS in SDN.