A comparative analysis of Snort 3 and Suricata

Akram Abd Eldjalil Boukebous*, Mohamed Islem Fettache, Gueltoum Bendiab, Stavros Shiaeles

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1689 Downloads (Pure)


The threat of intrusion has become a reality in modern network infrastructures, especially with the increased usage of IoT devices, cloud computing and wireless telecommunications. In this context, Network intrusion detection systems (NIDS) are becoming strategic security solutions, offering thorough defence against potential threats to the integrity, confidentiality, and availability of the data on a network. Many NIDS systems have been proposed in the literature, but Snort and Suricata are the most known in the open-source market. This paper compares the performance of the two NIDS, especially with the release of Snort 3 which is considered as the next generation of the Snort NIDS by integrating new ideas such as multithreading, expanded bindings and better cross-platform support. The quantitative study is done in a virtualised network environment in order to measure the performance of each NIDS in terms of accuracy, memory and processor usage, packet processing rate and the number of packet losses of each NIDSs. From this study, we have concluded that Snort 3 has better performance than Snort 2 and both Snort 3 and Suricata perform well but are not perfect and have some limitations that should be tackled.

Original languageEnglish
Title of host publication2023 IEEE IAS Global Conference on Emerging Technologies, GlobConET 2023
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)9798350331790
ISBN (Print)9798350331806
Publication statusPublished - 16 Jun 2023
Event2023 IEEE IAS Global Conference on Emerging Technologies, GlobConET 2023 - London, United Kingdom
Duration: 19 May 202321 May 2023


Conference2023 IEEE IAS Global Conference on Emerging Technologies, GlobConET 2023
Country/TerritoryUnited Kingdom


  • Multithreaded
  • Network Security
  • NIDS
  • Signature-based detection
  • Snort
  • Suricata

Cite this