String matching enhancement for snort IDS

Ali Jaddoa

doi:10.1109/ICCIT.2010.5711211

String matching enhancement for snort IDS

Ali Jaddoa

Research output: Chapter in Book/Report/Conference proceeding › Chapter

5 Citations (Scopus)

Abstract

Intrusion Detection System (IDS) is a security technology that attempts to identify intrusions. Snort is an open source IDS which enables us to detect the previously known intrusions. However, Snort IDS has several problems one of them is the efficiency problem. We suggest using distributed environment in order to enhance it. We achieved this goal by enhancing the Snort's string matching engine through using a LAN of computers, where each computer in the LAN matching a subset of the monitored attacks. The experimental results show that it is possible to improve Snort's efficiency using distributed environment. In addition, Snort's testability has been enhanced.

Original language	English
Title of host publication	5th International Conference on Computer Sciences and Convergence Information Technology
Publisher	IEEE
Pages	1020-1023
ISBN (Print)	9788988678305, 9781424485673
DOIs	https://doi.org/10.1109/ICCIT.2010.5711211
Publication status	Published - 10 Feb 2011

Keywords

Algorithm design and analysis
Intrusion detection system
LAN
Open source IDS
Snort IDS

Access to Document

10.1109/ICCIT.2010.5711211

Cite this

@inbook{f6c13bbe6434428e95fb8f2b442e810a,

title = "String matching enhancement for snort IDS",

abstract = "Intrusion Detection System (IDS) is a security technology that attempts to identify intrusions. Snort is an open source IDS which enables us to detect the previously known intrusions. However, Snort IDS has several problems one of them is the efficiency problem. We suggest using distributed environment in order to enhance it. We achieved this goal by enhancing the Snort's string matching engine through using a LAN of computers, where each computer in the LAN matching a subset of the monitored attacks. The experimental results show that it is possible to improve Snort's efficiency using distributed environment. In addition, Snort's testability has been enhanced.",

keywords = "Algorithm design and analysis, Intrusion detection system, LAN, Open source IDS, Snort IDS",

author = "Ali Jaddoa",

year = "2011",

month = feb,

day = "10",

doi = "10.1109/ICCIT.2010.5711211",

language = "English",

isbn = "9788988678305",

pages = "1020--1023",

booktitle = "5th International Conference on Computer Sciences and Convergence Information Technology",

publisher = "IEEE",

}

TY - CHAP

T1 - String matching enhancement for snort IDS

AU - Jaddoa, Ali

PY - 2011/2/10

Y1 - 2011/2/10

N2 - Intrusion Detection System (IDS) is a security technology that attempts to identify intrusions. Snort is an open source IDS which enables us to detect the previously known intrusions. However, Snort IDS has several problems one of them is the efficiency problem. We suggest using distributed environment in order to enhance it. We achieved this goal by enhancing the Snort's string matching engine through using a LAN of computers, where each computer in the LAN matching a subset of the monitored attacks. The experimental results show that it is possible to improve Snort's efficiency using distributed environment. In addition, Snort's testability has been enhanced.

AB - Intrusion Detection System (IDS) is a security technology that attempts to identify intrusions. Snort is an open source IDS which enables us to detect the previously known intrusions. However, Snort IDS has several problems one of them is the efficiency problem. We suggest using distributed environment in order to enhance it. We achieved this goal by enhancing the Snort's string matching engine through using a LAN of computers, where each computer in the LAN matching a subset of the monitored attacks. The experimental results show that it is possible to improve Snort's efficiency using distributed environment. In addition, Snort's testability has been enhanced.

KW - Algorithm design and analysis

KW - Intrusion detection system

KW - LAN

KW - Open source IDS

KW - Snort IDS

U2 - 10.1109/ICCIT.2010.5711211

DO - 10.1109/ICCIT.2010.5711211

M3 - Chapter

SN - 9788988678305

SN - 9781424485673

SP - 1020

EP - 1023

BT - 5th International Conference on Computer Sciences and Convergence Information Technology

PB - IEEE

ER -

String matching enhancement for snort IDS

Abstract

Keywords

Access to Document

Fingerprint

Cite this