Intrusion Detection System (IDS) : Investigating Snort Performance in Windows and Ubuntu due to Flooding Attack

Intrusion detection is an important technology that can help in managing threats and vulnerabilities in this changing environment. Computer technology is more and more ubiquitous, the penetration of computer in society is a welcome step towards modernization but society needs to be better equipped with challenges associated with technology. Thus, with the help of intrusion detection system (IDS) that can be used to monitor network for any attack and intrusion, it can reduce the security issues and help people to curb with the advance threat. This project aims to provide insight to small organization, employee and student to have a secure environment in their personal computer. The objectives of this project is to set up an isolate local area network (LAN) to imitate a real network environment using Graphical Network Simulator-3 (GNS3) and to create the scenario for analyzing Snort IDS performance in Windows and Ubuntu due to flooding attack. Basically, this project uses a router in GNS3 that can act as a real router. The IDS was implemented on the PC1 while PC2 acts as an attacker that send a flooding attack to PC 1. The timer was set for 2 minutes and the performance was analyzed based on drop packet and throughput. The result shows that the performance of Snort is better in Ubuntu compared to Windows in term of its drop packet and throughput.