Abstract
Computer security has become a major problem in our society. In particular, computer network security is concerned with preventing the intrusion of an unauthorized person into a network of computers. An intrusion detection system (IDS) is a tool to monitor the network traffic and users’ activity with the aim of distinguishing between hostile and non-hostile traffic. Snort is an IDS available under GPL, which allows pattern search. This paper presents a new anomaly pre-processor that extends the functionality of Snort IDS, making it a hybrid IDS.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gómez, J., Gil, C., Padilla, N., Baños, R., Jiménez, C. (2009). Design of a Snort-Based Hybrid Intrusion Detection System. In: Omatu, S., et al. Distributed Computing, Artificial Intelligence, Bioinformatics, Soft Computing, and Ambient Assisted Living. IWANN 2009. Lecture Notes in Computer Science, vol 5518. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02481-8_75
DOI: https://doi.org/10.1007/978-3-642-02481-8_75
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02480-1
Online ISBN: 978-3-642-02481-8
eBook Packages: Computer Science, Computer Science (R0)