Design of a Snort-Based Hybrid Intrusion Detection System

  • J. Gómez
  • C. Gil
  • N. Padilla
  • R. Baños
  • C. Jiménez
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5518)


Computer security has become a major problem in our society. In particular, computer network security is concerned with preventing the intrusion of an unauthorized person into a network of computers. An intrusion detection system (IDS) is a tool to monitor the network traffic and users’ activity with the aim of distinguishing between hostile and non-hostile traffic. Snort is an IDS available under GPL, which allows pattern search. This paper presents a new anomaly pre-processor that extends the functionality of Snort IDS, making it a hybrid IDS.


Intrusion detection systems, anomaly detection, Network IDS, Snort





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • J. Gómez (1)
  • C. Gil (2)
  • N. Padilla (1)
  • R. Baños (2)
  • C. Jiménez (1)

  1. Dpt. Lenguajes y Computación, Universidad de Almería, Spain
  2. Dpt. Arquitectura de Computadores y Electrónica, Universidad de Almería, Almería, Spain
