Testing the Effectiveness of Intrusion Detection Systems (IDS) Snort, Suricata, and Zeek against SYN Flood Attacks
DOI: https://doi.org/10.30812/bite.v7i2.5226
Keywords: Attack Detection, System Efficiency, Intrusion Detection System (IDS), Network Security, SYN Flood
Abstract
Background: Network security is an essential aspect of IT infrastructure management, with the main threat being
Denial-of-Service (DoS) attacks, particularly SYN Flood attacks.
Objective: The purpose of this study is to evaluate the effectiveness of three Intrusion Detection Systems (IDS), namely
Snort, Suricata, and Zeek, in detecting TCP SYN Flood attacks. The testing environment uses Windows Server 2022 as
the target system to simulate real-world conditions on a production network.
Methods: This study employs an experimental method comprising the following stages: problem identification, analysis,
design/development, implementation, testing, and results analysis.
Result: This study shows that Snort performs best in attack detection, with an average of 68.25%, followed by Suricata at
61.08% and Zeek at 55.77%. Snort also has the lowest CPU usage, averaging 16.3%, while Suricata and Zeek
use 24.5% and 21.7%, respectively. For RAM usage, Snort recorded an average of 18.2%, Zeek 16.6%, and
Suricata 24.5%.
Conclusion: This study concludes that Snort is superior in network detection and CPU efficiency. At the same time,
Zeek is more efficient with RAM usage, while Suricata has average performance and the highest resource usage.
License
Copyright (c) 2025 I Nyoman Bagus Arya Wirianda, Raphael Bianco Huwae, Andy Hidayat Jatmika

This work is licensed under a Creative Commons Attribution 4.0 International License.








