Design of a Hybrid Intrusion Detection System using Snort and Hadoop

Security is the most important issue to be considered in any environment. An attack can be launched from any node, and every such attack should be identified so that subsequent actions can be taken to avoid further consequences. An intrusion detection system helps identify attacks at an early stage and raises alarms. Such a system should be able to identify almost any kind of attack, whether newly launched or previously established. In this work, the intrusion detection system Snort is used, and the packets captured by Snort are analyzed with Hadoop, the grid computing framework used for big data analysis. For more user-friendly analysis, Hive, a data warehouse system for Hadoop, is also provided. For those IP addresses that generate a large number of packets, Snort rules are generated so that when the number of packets from a particular source exceeds a threshold, the node alerts the other nodes, since there is a possibility of an attack.
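The per-source counting and rule generation described above, as an added example that is not the paper's own code: a map and reduce phase count packets per source IP over Snort alert lines (run locally here; under Hadoop they would be streaming jobs), and sources above a threshold get a Snort rule whose detection_filter fires once the source exceeds a packet rate. The alert_fast input format, the threshold values, the SID range and the log lines are all assumptions constructed for the example.

```python
# Added example (not from the paper). Assumptions: input is Snort's alert_fast
# text format; thresholds and SIDs are chosen here; the log lines below are
# constructed, not real traffic.
import re
from collections import defaultdict

# Trailing "{PROTO} src[:port] -> dst[:port]" of an alert_fast line.
ENDPOINTS = re.compile(r"\{(\w+)\}\s+(\S+?)(?::\d+)?\s+->\s+(\S+?)(?::\d+)?\s*$")
SAMPLE_LOG = """\
01/15-10:23:45.100000  [**] [1:1000001:1] probe [**] [Priority: 3] {TCP} 192.0.2.10:4444 -> 10.0.0.5:80
01/15-10:23:45.200000  [**] [1:1000001:1] probe [**] [Priority: 3] {TCP} 192.0.2.10:4445 -> 10.0.0.5:22
01/15-10:23:45.300000  [**] [1:1000001:1] probe [**] [Priority: 3] {TCP} 192.0.2.10:4446 -> 10.0.0.5:443
01/15-10:23:46.000000  [**] [1:1000002:1] scan [**] [Priority: 2] {ICMP} 198.51.100.7 -> 10.0.0.5
01/15-10:23:47.000000  [**] [1:1000002:1] scan [**] [Priority: 2] {UDP} 203.0.113.9:53 -> 10.0.0.5:53
this line is malformed and must be skipped
"""

def mapper(lines):
    """Map phase: emit (source_ip, 1) for every parseable packet line."""
    for line in lines:
        m = ENDPOINTS.search(line)
        if m:
            yield m.group(2), 1

def reducer(pairs):
    """Reduce phase: sum the emitted counts per source IP."""
    totals = defaultdict(int)
    for src, n in pairs:
        totals[src] += n
    return dict(totals)

def count_by_source(text):
    """Run both phases locally; under Hadoop they would be streaming jobs."""
    return reducer(mapper(text.splitlines()))

def snort_rules(totals, min_packets=3, count=100, seconds=60, base_sid=1000100):
    """One rule per source that sent at least min_packets in the analysed data.
    detection_filter makes Snort alert only once that source exceeds `count`
    packets within `seconds`: the 'exceeds a threshold' condition above."""
    noisy = sorted(src for src, n in totals.items() if n >= min_packets)
    return [
        f'alert ip {src} any -> $HOME_NET any (msg:"High packet volume from {src}"; '
        f'detection_filter: track by_src, count {count}, seconds {seconds}; '
        f'sid:{base_sid + i}; rev:1;)'
        for i, src in enumerate(noisy)
    ]

if __name__ == "__main__":
    print("\n".join(snort_rules(count_by_source(SAMPLE_LOG))))
```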
