BSnort IPS Better Snort Intrusion Detection / Prevention System

Author

Padmashani, R. ; Sathyadevan, Shiju ; Dath, D.

Author_Institution

Dept. of CSE, Amrita Vishwa Vidyapeetham, Kollam, India

fYear

2012

fDate

27-29 Nov. 2012

Firstpage

46

Lastpage

51

Abstract

With the advent of a range of intrusion detection and prevention systems out in the market and Snort IPS standing out from others, always there have been efforts to improve upon the current scenario. Here, a novel technique that can curb many of the current Denial-of-Service attacks which usually disrupts the network connectivity by consuming a large amount of bandwidth is discussed. The Better Snort Intrusion Detection/Prevention System (BSnort) uses Aho-Corasick automaton for the deep packet inspection and makes use of the modified Snort signatures which utilizes minimum amount of CPU and memory. The BSnort stands out from other Network Intrusion Detection Systems (NIDSs) in its integrated use of anomaly detection approach to find out novel attacks using the packet header along with the use of known attack signatures for the payload to pin-point intrusions.

Keywords

computer network security; Aho-Corasick automaton; BSnort IPS; Denial-of-Service attacks; NIDS; anomaly detection approach; better snort intrusion detection-prevention system; modified Snort signatures; network connectivity; network intrusion detection systems; packet header; packet inspection; pin-point intrusions; Conferences; Decision support systems; Intelligent systems; BSnort; Boyer-Moore; Hping; Signatures; Snort;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligent Systems Design and Applications (ISDA), 2012 12th International Conference on

Conference_Location

Kochi

ISSN

2164-7143

Print_ISBN

978-1-4673-5117-1

Type

conf

DOI

10.1109/ISDA.2012.6416511

Filename

6416511