Una aproximación basada en Snort para el desarrollo e implantación de IDS híbridos (A Snort-based approach for the development and deployment of hybrid IDS)

Jesús E. Díaz-Verdejo (jedv@ugr.es), Pedro García-Teodoro (pgteodor@ugr.es), P. Muñoz, G. Maciá-Fernández (gmacia@ugr.es), F. De Toro (ftoro@ugr.es)


Department of Signal Theory, Telematics and Communications, University of Granada
This paper appears in: Revista IEEE América Latina

Publication Date: Oct. 2007
Volume: 5, Issue: 6
ISSN: 1548-0992


Abstract:
Apart from the choice of modeling technique, the development and deployment of anomaly-based intrusion detection systems still faces two main problems. The first concerns the acquisition and handling of real traffic to be used for training. The second concerns the better performance of signature-based IDS on known attacks. In this paper the authors propose the use of a modified version of Snort that results in a hybrid detector/classifier. This version can be used both during the training phase of the anomaly-based system and as a deployed hybrid detector and traffic sniffer. Furthermore, it can be configured to operate as a signature-based detector, an anomaly-based detector, or both (hybrid). In addition, this version can directly sniff, classify and split network traffic according to its malicious nature, which eases the problems related to the acquisition and handling of training traffic.
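As an added illustration of the architecture the abstract describes (not the authors' modified Snort, whose internals this page does not show), the toy detector below models the three operating modes and the sniff-classify-split step in Python. The rule set, the payload-length anomaly profile and the traffic samples are all constructed for the demo.

```python
import statistics
from dataclasses import dataclass

@dataclass
class Packet:          # stand-in for a sniffed packet
    dst_port: int
    payload: bytes

# Constructed Snort-style content rules (hypothetical; not the paper's rule set).
SIGNATURES = {"web-passwd-read": (80, b"/etc/passwd"), "web-dir-traversal": (80, b"../")}

class HybridDetector:
    """mode is 'signature', 'anomaly' or 'hybrid': the three configurations the abstract names."""
    def __init__(self, mode="hybrid", threshold=3.0):
        if mode not in ("signature", "anomaly", "hybrid"):
            raise ValueError(mode)
        self.mode, self.threshold, self.profile = mode, threshold, {}
    def train(self, packets):
        """Training phase: per-port (mean, stdev) of payload length from traffic judged clean."""
        by_port = {}
        for p in packets:
            by_port.setdefault(p.dst_port, []).append(len(p.payload))
        for port, lens in by_port.items():
            self.profile[port] = (statistics.mean(lens), statistics.pstdev(lens) or 1.0)
    def signature_match(self, p):
        return [sid for sid, (port, pat) in SIGNATURES.items() if port == p.dst_port and pat in p.payload]
    def anomaly_score(self, p):
        if p.dst_port not in self.profile:      # port never seen in training: maximally anomalous
            return float("inf")
        mean, sd = self.profile[p.dst_port]
        return abs(len(p.payload) - mean) / sd  # z-score of the payload length
    def classify(self, p):
        if self.mode != "anomaly" and self.signature_match(p):
            return "signature"                  # known attack: the signature engine decides
        if self.mode != "signature" and self.anomaly_score(p) > self.threshold:
            return "anomaly"                    # unknown but deviant: the anomaly engine decides
        return "clean"
    def split(self, packets):
        """Sniff-and-split: route traffic into clean/malicious sets usable for later training."""
        out = {"clean": [], "signature": [], "anomaly": []}
        for p in packets:
            out[self.classify(p)].append(p)
        return out

# Constructed traffic; only payload length matters to the toy profile.
TRAINING = [Packet(80, b"G" * n) for n in (20, 22, 24, 26, 28)]
SAMPLES = [Packet(80, b"GET /index.html HTTP/1.0"),          # normal request
           Packet(80, b"GET /../../etc/passwd HTTP/1.0"),   # matches a signature, normal length
           Packet(80, b"GET /" + b"A" * 200),                # no signature, abnormal length
           Packet(443, b"\x16\x03\x01")]                     # port absent from the profile
```

Running the same samples through each mode shows why the hybrid is useful: the signature mode misses the oversized request, the anomaly mode misses the known pattern of normal length, and the hybrid catches both.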

Index Terms:
Computer network security, intrusion detection.



