Skip to content

Performances

Performance is a key feature for network intrusion detection systems. The simplicity of netspot actually makes it fast.

Comparison with other IDS

If we compare netspot with Suricata (common rule-based IDS) and Kitsune (trendy anomaly-based IDS in the research area), we merely notice that netspot is far faster.

The performances of Kitsune come from their original paper while some experiments have been performed on a capture file (provided by the authors of Kitsune) for Suricata and netspot.

Desktop

Raspberry Pi 3B+

Warning

Suricata was not available on ARM platform during our tests

Number of processors

netspot tremendously uses goroutines. It brings much performance if your computer has several cores, so we may wonder the impact of the number of processors. For that, we show some runs we made on a desktop computer with 6 Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz.

The next results come from the analysis of a pcap file available on MAWILAB that basically stores 74M of packets.

The graph below shows that even if you have few cores (or you want to limit their use), netspot remains efficient.