Open Access Proceedings Article

Snort - Lightweight Intrusion Detection for Networks

Martin Roesch
pp. 229-238
TLDR
Snort provides a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alerts system administrators when potentially hostile traffic is detected.
Abstract
Network intrusion detection systems (NIDS) are an important part of any network security architecture. They provide a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alerts system administrators when potentially hostile traffic is detected. Commercial NIDS have many differences, but Information Systems departments must face the commonalities that they share, such as significant system footprint, complex deployment and high monetary cost. Snort was designed to address these issues.


Citations
Journal Article

An overview of anomaly detection techniques: Existing solutions and latest technological trends

TL;DR: This paper provides a comprehensive survey of anomaly detection systems and hybrid intrusion detection systems of the recent past and present and discusses recent technological trends in anomaly detection and identifies open problems and challenges in this area.
Proceedings Article

BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

TL;DR: This paper presents a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses).
Journal Article

Network Anomaly Detection: Methods, Systems and Tools

TL;DR: This paper provides a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can become quickly familiar with every aspect of network anomalies detection.
Book Chapter

Anomalous Payload-Based Network Intrusion Detection

TL;DR: A payload-based anomaly detector, called PAYL, for intrusion detection that demonstrates the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset the authors collected on the Columbia CS department network.
Proceedings Article

BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic

TL;DR: This paper proposes an approach that uses network-based anomaly detection to identify botnet C&C channels in a local area network without any prior knowledge of signatures or C&C server addresses, and shows that BotSniffer can detect real-world botnets with high accuracy and has a very low false positive rate.
References

The BSD packet filter: a new architecture for user-level packet capture

TL;DR: The BSD Packet Filter (BPF) uses a new, register-based filter evaluator that is up to 20 times faster than the original design, and uses a straightforward buffering strategy that makes its overall performance up to 100 times better than Sun's NIT running on the same hardware.

Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection

TL;DR: Three classes of attacks which exploit fundamental problems with the reliability of passive protocol analysis are defined (insertion, evasion and denial of service attacks), and how to apply these three types of attacks to IP and TCP protocol analysis is described.
Proceedings Article

Automated System Monitoring and Notification With Swatch

TL;DR: An easily configurable log file filter/monitor, called swatch, is developed that acts to filter out unwanted data and take one or more user specified actions based upon patterns in the log.
Book

Algorithms in C, Parts 1-4: Fundamentals, Data Structures, Sorting, Searching

TL;DR: Sedgewick has thoroughly rewritten and substantially expanded his popular work to provide current and comprehensive coverage of important algorithms and data structures, and the explanations of each algorithm are much more detailed than in previous editions.
Trending Questions (1)
What is Snort?

Snort is a lightweight network intrusion detection system (NIDS) that uses rules-based logging to detect various attacks and probes in network traffic.
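The answer above describes Snort as rule-based content matching over network traffic, and the Ptacek and Newsham reference in the list above describes why matching packet by packet can be evaded. The following Python is an added illustration of both points, written for this page; it is not Snort's own code. It parses rules in the shape of a Snort rule (a header `action proto src_ip src_port -> dst_ip dst_port` followed by options in parentheses, of which only `msg` and `content` are handled, with content taken as a literal string), matches them against constructed packets, and shows that the same request split across two TCP segments evades per-packet matching but is caught once segment payloads are reassembled per flow. The rule texts, addresses, ports and payloads are all constructed sample data, and the reassembly is deliberately naive (arrival order, no sequence numbers), which is exactly the kind of gap the insertion and evasion paper exploits.

```python
"""Minimal Snort-style rule matcher (added illustration, not Snort's code)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

@dataclass
class Rule:
    action: str
    proto: str
    src_net: Optional[ipaddress.IPv4Network]   # None means "any"
    sport: Optional[int]                       # None means "any"
    dst_net: Optional[ipaddress.IPv4Network]
    dport: Optional[int]
    msg: str
    content: bytes

# Rule options of the form  name:"value";  (only msg and content are used here).
_OPT_RE = re.compile(r'(\w+):\s*"([^"]*)"')

def _net(tok: str) -> Optional[ipaddress.IPv4Network]:
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)

def _port(tok: str) -> Optional[int]:
    return None if tok == "any" else int(tok)

def parse_rule(text: str) -> Rule:
    """Parse 'action proto src sport -> dst dport (msg:"..."; content:"...";)'."""
    header, _, opts = text.partition("(")
    action, proto, src, sport, arrow, dst, dport = header.split()
    if arrow != "->":
        raise ValueError("only unidirectional rules are supported in this example")
    options = dict(_OPT_RE.findall(opts.rstrip(")")))
    return Rule(action, proto, _net(src), _port(sport), _net(dst), _port(dport),
                options.get("msg", ""), options["content"].encode())

def match_packet(rule: Rule, pkt: Packet) -> bool:
    """Header fields must match, then the content string must occur in the payload."""
    if rule.proto != pkt.proto:
        return False
    if rule.src_net is not None and ipaddress.ip_address(pkt.src) not in rule.src_net:
        return False
    if rule.dst_net is not None and ipaddress.ip_address(pkt.dst) not in rule.dst_net:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return rule.content in pkt.payload

def detect(rules: List[Rule], packets: List[Packet], reassemble: bool = False) -> List[str]:
    """Return the msg of every rule that fires, per packet or per reassembled flow."""
    if reassemble:
        # Naive reassembly: concatenate payloads per 5-tuple in arrival order.
        # Real reassembly must honour TCP sequence numbers, retransmissions and
        # overlapping segments, or the evasions in Ptacek and Newsham still apply.
        flows = {}
        for p in packets:
            key = (p.proto, p.src, p.sport, p.dst, p.dport)
            if key in flows:
                flows[key].payload += p.payload
            else:
                flows[key] = Packet(p.proto, p.src, p.sport, p.dst, p.dport, p.payload)
        packets = list(flows.values())
    return [r.msg for p in packets for r in rules if match_packet(r, p)]

# Constructed sample rules (hypothetical messages; not real Snort rule set entries).
SAMPLE_RULES = [
    'alert tcp any any -> 10.0.0.0/24 80 (msg:"constructed: /etc/passwd in HTTP request"; content:"/etc/passwd";)',
    'alert tcp any any -> 10.0.0.0/24 80 (msg:"constructed: cmd.exe in HTTP request"; content:"cmd.exe";)',
]

# Constructed sample traffic: a benign request, an attack in one packet, the same
# attack split across two segments, and an attack to a port the rules do not cover.
SAMPLE_PACKETS = [
    Packet("tcp", "192.0.2.5", 40000, "10.0.0.5", 80, b"GET / HTTP/1.0\r\n\r\n"),
    Packet("tcp", "192.0.2.6", 40000, "10.0.0.5", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("tcp", "192.0.2.7", 40001, "10.0.0.5", 80, b"GET /../../etc/pas"),
    Packet("tcp", "192.0.2.7", 40001, "10.0.0.5", 80, b"swd HTTP/1.0\r\n\r\n"),
    Packet("tcp", "192.0.2.8", 40002, "10.0.0.5", 443, b"GET /cmd.exe HTTP/1.0\r\n\r\n"),
]

def run_demo() -> Tuple[List[str], List[str]]:
    rules = [parse_rule(r) for r in SAMPLE_RULES]
    return detect(rules, SAMPLE_PACKETS), detect(rules, SAMPLE_PACKETS, reassemble=True)

if __name__ == "__main__":
    per_packet, per_flow = run_demo()
    print("per-packet alerts:", per_packet)
    print("per-flow alerts:  ", per_flow)
```

Per-packet matching fires once (the attack carried in a single packet); per-flow matching fires twice, because the segmented copy only becomes visible after the two payloads are joined. The third attack never fires in either mode because its destination port is outside the rule header, which is the rule-header filtering the abstract refers to.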