Effectiveness analysis of public rule sets used in snort intrusion detection system

Abstract

Snort is one of the most used open source intrusion detection systems today. It is also supported by a large number of open source rulesets. The purpose of this study is to test the effectiveness of the public rule sets developed for the Snort intrusion detection system against different types of attack traffic. For this purpose, by configuring the Snort attack detection system with different rule sets, experiments have been conducted to measure whether each rule set prevents different attack types such as CVE-referenced vulnerability exploitation attacks, web application attacks and malware traffics. During the experiments, the rule sets were tested separately as well as tests in which all the rule sets were used together. As a result of the experiments, it was observed that the most effective rule set when used alone was the Talos rule set, and the highest efficiency was achieved when all the rule sets were used together. © 2021 IEEE.