Automatic SNORT IDS rule generation based on honeypot log
暂无分享,去创建一个
The main objective of this research is to integrate honeypot and IDS, which can generate and activate snort rule automatically based on the data sending by honeypot server. The new technic is present in this paper, honeypot will collect the data, send the data to IDS, and then IDS will evaluate and generate the rules automatically. Rule that has been made will be active to filter packets sent by the user on the network. We compare rule generated automatically with default rule in snort system for the same pattern. The performance of the proposed technique was evaluated by measuring the effectiveness of IDS server from the attacking.
[1] Vidar Ajaxon Grønland. Building IDS rules by means of a honeypot , 2006 .
[2] Manoj Chaudhari. IDS: Survey on Intrusion Detection System in Cloud Computing , 2014 .
[3] Khalid Shahbar,et al. (WHASG) Automatic SNORT Signatures Generation by using Honeypot , 2013, J. Comput..