Intrusion Detection Systems' Performance for Distributed Denial-of-Service Attack

Intrusion Detection Systems (IDSs) are signature-based software tools that provide mechanisms for detection and analysis of network intrusions. Using an experimental scenario and real traffic collected at a higher education institution in Brazil, we evaluate the performance of Snort and Suricata IDSs for detection of current Distributed Denial-of-Services attack (Slowloris). Our study has found the IDS Suricata is not a suitable number for alerts to catch the attention of the network manager about the Slowloris attack, while Snort IDS does. Evaluation of CPU consumption and memory of target server. In addition, an analysis of offline traffic reveals that the higher education institution is under DDoS attacks during the analyzed period.