Abstract:
With advancing technology and the great increase in the use of computer networks, the risk of these networks coming under attack has increased. A number of techniques have been designed to help detect such attacks. One common technique is the use of a Network Intrusion Detection System (NIDS). Today, a number of open-source and commercial intrusion detection systems are available to meet enterprise requirements, but the performance of these systems is still the main concern. In this research, the open-source Snort was implemented on a Linux platform and used to test and analyze attack packets from the Defense Advanced Research Projects Agency 1999 data. Its results were compared with the ground truth table to evaluate the accuracy and performance of Snort according to different metrics (true positives, false positives, false negatives, true negatives, and the speed at which Snort captures and analyzes packets). Snort's precision was high because so many rules were defined (true positives), but there was still a group of undefined rules (false positives and false negatives) that affected the precision. The resulting performance was a medium ratio. Therefore, Snort can deal better with offline traffic at that performance rate; if the rate becomes higher, the performance will be reduced.