Student project

Malicious Traffic Detection in Local Networks with Snort

Snort is an open source Network Intrusion Detection System combining the benefits of signature, protocol and anomaly based inspection and is considered to be the most widely de- ployed IDS/IPS technology worldwide. However, Snort's deployment in a large corporate network poses different problems in terms of performance or rule selection. This paper proposes different improvements to the Snort Security Platform: the use of another library is proposed to significantly improve the amount of traffic that can be analyzed, and Snort's multithreading possibilities are explored. A new rule classification has been devised, and rulesets suited to large corporate networks are proposed. The use of Oinkmaster has been tested and documented to seamlessly update Snort's rules.

    Keywords: Intrusion Detection


    • LCA-STUDENT-2009-004

    Record created on 2009-09-18, modified on 2017-05-12

Related material