Malicious Traffic Detection in Local Networks with Snort
Snort is an open source Network Intrusion Detection System combining the benefits of signature, protocol and anomaly based inspection and is considered to be the most widely de- ployed IDS/IPS technology worldwide. However, Snort's deployment in a large corporate network poses different problems in terms of performance or rule selection. This paper proposes different improvements to the Snort Security Platform: the use of another library is proposed to significantly improve the amount of traffic that can be analyzed, and Snort's multithreading possibilities are explored. A new rule classification has been devised, and rulesets suited to large corporate networks are proposed. The use of Oinkmaster has been tested and documented to seamlessly update Snort's rules.
Keywords: Intrusion Detection
Record created on 2009-09-18, modified on 2016-08-08