DocumentCode
3378612
Title
Design and implementation of IDS using Snort, Entropy and alert ranking system
Author
Kumar, Sudhakar ; Joshi, R.C.
Author_Institution
Dept. of Electron. & Comput. Eng., Indian Inst. of Technol., Roorkee, India
fYear
2011
fDate
21-22 July 2011
Firstpage
264
Lastpage
268
Abstract
Intrusion detection is the process of identifying suspicious activities on a target system or network. A lot of approaches have been proposed for building better Intrusion Detection Systems. Some of the approaches use signature based, some use anomaly based and some use both. Most of the real time systems use signature based techniques. The main problem with the signature based technique is its vulnerability to unknown attacks. But the problem with anomaly based techniques is that they give a lot of false alarms and are very difficult to realize. Entropy is one of the anomaly detection techniques used in intrusion detection. In this paper we are designing a system with the help of an Entropy based technique and integrating it with the real time system Snort so that it can have the advantages of both techniques. Another issue of IDS, the hectic amount of alert data, has also been addressed by developing an alert reduction and ranking system. Experimental results show that our system, which is working in real time, is efficient in terms of attack detection and alert visualization.
Keywords
security of data; IDS; alert ranking system; alert visualization; anomaly detection technique; attack detection; entropy based technique; intrusion detection systems; signature based techniques; Data mining; Entropy; Feature extraction; Indexes; Intrusion detection; Real time systems; Alert Rank; Entropy; Intrusion detection system (IDS); Snort; Suspect Index (SI);
fLanguage
English
Publisher
ieee
Conference_Titel
Signal Processing, Communication, Computing and Networking Technologies (ICSCCN), 2011 International Conference on
Conference_Location
Thuckafay
Print_ISBN
978-1-61284-654-5
Type
conf
DOI
10.1109/ICSCCN.2011.6024556
Filename
6024556