Background: Network security is an essential aspect of IT infrastructure management, with the main threat being Denial-of-Service (DoS) attacks, particularly SYN Flood attacks.

Objective: The purpose of this study is to evaluate the effectiveness of three Intrusion Detection Systems (IDS), namely Snort, Suricata, and Zeek, in detecting TCP SYN Flood attacks. The testing environment uses Windows Server 2022 as the target system to simulate real-world conditions on a production network.

Methods: This study employs an experimental method comprising the following stages: problem identification, analysis, design/development, implementation, testing, and results analysis.

Result: This study shows that Snort performs best in attack detection, with an average of 68.25%, followed by Suricata at 61.08% and Zeek at 55.77%. In terms of CPU usage, Snort also leads with an average of 16.3%, while Suricata and Zeek use 24.5% and 21.7%, respectively. For RAM usage, Snort recorded an average of 18.2%, followed by Zeek at 16.6% and Suricata at 24.5%.

Conclusion: This study concludes that Snort is superior in network detection and CPU efficiency. At the same time, Zeek is more efficient with RAM usage, while Suricata has average performance and the highest resource usage.
Copyrights © 2025