Design of a Snort-Based Hybrid Intrusion Detection System

  • J. Gómez
  • C. Gil
  • N. Padilla
  • R. Baños
  • C. Jiménez
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5518)

Abstract

Computer security has become a major problem in our society. In particular, computer network security is concerned with preventing the intrusion of an unauthorized person into a network of computers. An intrusion detection system (IDS) is a tool to monitor the network traffic and users’ activity with the aim of distinguishing between hostile and non-hostile traffic. Snort is an IDS available under GPL, which allows pattern search. This paper presents a new anomaly pre-processor that extends the functionality of Snort IDS, making it a hybrid IDS.

Keywords

Intrusion detection systems; anomaly detection; Network IDS; Snort

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • J. Gómez (1)
  • C. Gil (2)
  • N. Padilla (1)
  • R. Baños (2)
  • C. Jiménez (1)

  1. Dpt. Lenguajes y Computación, Universidad de Almería, Spain
  2. Dpt. Arquitectura de Computadores y Electrónica, Universidad de Almería, Almería, Spain