Article

Design of a Snort-Based Hybrid Intrusion Detection System

Authors:

J. Gómez,

C. Gil,

N. Padilla,

R. Baños,

C. JiménezAuthors Info & Claims

IWANN '09: Proceedings of the 10th International Work-Conference on Artificial Neural Networks: Part II: Distributed Computing, Artificial Intelligence, Bioinformatics, Soft Computing, and Ambient Assisted Living

Pages 515 - 522

https://doi.org/10.1007/978-3-642-02481-8_75

Published: 06 June 2009 Publication History

Abstract

Computer security has become a major problem in our society. In particular, computer network security is concerned with preventing the intrusion of an unauthorized person into a network of computers. An intrusion detection system (IDS) is a tool to monitor the network traffic and users' activity with the aim of distinguishing between hostile and non-hostile traffic. Snort is an IDS available under GPL, which allows pattern search. This paper presents a new anomaly pre-processor that extends the functionality of Snort IDS, making it a hybrid IDS.

References

[1]

Bace, R., Mell, P.: NIST Special Publication on Intrusion Detection Systems (2004), http://www.21cfrpart11.com/files/library/reg_guid_docs/ nist_intrusiondetectionsys.pdf

Google Scholar

[2]

Baker, A., Beale, J., Caswell, B., Poore, M.: Snort 2.1 Intrusion Detection, 2nd edn. (2004), http://www.snort.org/

Crossref

Google Scholar

[3]

Ranum, M., Landfield, K., Stolarchuk, M., Sienkiewicz, M., Lambeth, A., Wall, E.: Implementing a generalized tool for network monitoring. In: Proceedings of the Eleventh Systems Administration Conference (LISA 1997), San Diego (1997).

Crossref

Google Scholar

[4]

Heberlein, L.T.: Network Security Monitor (NSM) - Final Report. Lawrence Livermore National Laboratory, Davis, CA (1995).

Google Scholar

[5]

Lawrence Livermore National Laboratory: Network Intrusion Detector (NID) Overview. Computer Security Technology Center (1998).

Google Scholar

[6]

Denning, D.E.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering 13(2), 222-232 (1987).

Crossref

Google Scholar

[7]

Ye, N., Emran, S.M., Li, X., Chen, Q.: Statistical process control for computer intrusion detection. In: DARPA Information Survivability Conference & Exposition II, DISCEX 2001 (2001).

Google Scholar

[8]

Barbara, D., Wu, N., Jajodia, S.: Detecting novel network intrusions using Bayes estimators. In: Proceedings of First SIAM Conference on Data Mining, Chicago, IL (2001).

Google Scholar

[9]

Díaz-Verdejo, J.E., García-Teodoro, P., Muñoz, P., Maciá-Fernández, G., De Toro, F.: Una aproximación basada en Snort para el desarrollo e implantación de IDS híbridos (A Snort-based approach for the development and deployment of hybrid IDS). IEEE Latin America Transactions 5(6), 386-392 (2007).

Google Scholar

[10]

Hwang, K., Cai, M., Chen, Y., Qin, M.: Hybrid Intrusion Detection with Weighted Signature Generation Over Anomalous Internet Episodes. IEEE Transactions on Dependable and Secure Computing 4(1), 41-55 (2007).

Crossref

Google Scholar

[11]

Wuu, L.C., Hung, C.H., Chen, S.F.: Building intrusión pattern miner for Snort network intrusión detection system. Journal of Systems and Software 80(10), 1699-1715 (2007).

Crossref

Google Scholar

[12]

Ptacek, T.H., Newsham, T.N.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Secure Networks, Inc. (1998).

Google Scholar

[13]

Intrusion Detection Evaluation Data Sets. DARPA (2002), http://www.ll.mit.edu/mission/communications/ist/corpora/ ideval/index.html

Google Scholar

Cited By

View all

Sun XZhang DQin HTang J(2022)Bridging the Last-Mile Gap in Network Security via Generating Intrusion-Specific Detection Patterns through Machine LearningSecurity and Communication Networks10.1155/2022/39903862022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/3990386
Gómez JGil CBaños RMárquez AMontoya FMontoya M(2011)A multi-objective evolutionary algorithm for network intrusion detection systemsProceedings of the 11th international conference on Artificial neural networks conference on Advances in computational intelligence - Volume Part I10.5555/2023252.2023264(73-80)Online publication date: 8-Jun-2011
https://dl.acm.org/doi/10.5555/2023252.2023264
Pu LFaltings BYang QHu DGreenstadt R(2010)Relational network-service clustering analysis with set evidencesProceedings of the 3rd ACM workshop on Artificial intelligence and security10.1145/1866423.1866432(35-44)Online publication date: 8-Oct-2010
https://dl.acm.org/doi/10.1145/1866423.1866432

Design of a Snort-Based Hybrid Intrusion Detection System

Recommendations

A hybrid intrusion detection system design for computer network security

Intrusions detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure ...
Rule generalisation in intrusion detection systems using SNORT

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this ...
Study of snort-based IDS
ICWET '10: Proceedings of the International Conference and Workshop on Emerging Trends in Technology

General trend in industry is a shift from Intrusion Detection Systems (IDS) to Intrusion Prevention Systems (IPS). In this paper, we have investigated the motivations behind this trend. In addition, we have surveyed some of the available IDS/IPS tools. ...

Comments

Information & Contributors

Information

Published In

June 2009

1291 pages

ISBN:9783642024801

Editors:
Sigeru Omatu
Graduate School of Engineering, Osaka Prefecture University, Osaka, Japan
,
Miguel P. Rocha
Department of Informatics / CCTC, University of Minho, Braga, Portugal
,
José Bravo
MAmI Research Lab, University of Castilla-La Mancha,, Ciudad Real, Spain
,
Florentino Fernández
Department of Informatics, University of Vigo, Ourense, Spain
,
Emilio Corchado
Grupo de Investigación GICAP, Área de Lenguajes Higher Polytechnic School, Universidad de Burgos, Burgos, Spain
,
Andrés Bustillo
Higher Polytechnic School, University of Burgos, Burgos, Spain
,
Juan M. Corchado
Department of Informatics, University of Salamanca, Salamanca, Spain

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 06 June 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 29 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sun XZhang DQin HTang J(2022)Bridging the Last-Mile Gap in Network Security via Generating Intrusion-Specific Detection Patterns through Machine LearningSecurity and Communication Networks10.1155/2022/39903862022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/3990386
Gómez JGil CBaños RMárquez AMontoya FMontoya M(2011)A multi-objective evolutionary algorithm for network intrusion detection systemsProceedings of the 11th international conference on Artificial neural networks conference on Advances in computational intelligence - Volume Part I10.5555/2023252.2023264(73-80)Online publication date: 8-Jun-2011
https://dl.acm.org/doi/10.5555/2023252.2023264
Pu LFaltings BYang QHu DGreenstadt R(2010)Relational network-service clustering analysis with set evidencesProceedings of the 3rd ACM workshop on Artificial intelligence and security10.1145/1866423.1866432(35-44)Online publication date: 8-Oct-2010
https://dl.acm.org/doi/10.1145/1866423.1866432

Abstract

References

Cited By

Recommendations

A hybrid intrusion detection system design for computer network security

Rule generalisation in intrusion detection systems using SNORT

Study of snort-based IDS

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations