BSnort IPS Better Snort Intrusion Detection / Prevention System

摘要

With the advent of a range of intrusion detection and prevention systems out in the market and Snort IPS standing out from others, always there have been efforts to improve upon the current scenario. Here, a novel technique that can curb many of the current Denial-of-Service attacks which usually disrupts the network connectivity by consuming a large amount of bandwidth is discussed. The Better Snort Intrusion Detection/Prevention System (BSnort) uses Aho-Corasick automaton for the deep packet inspection and makes use of the modified Snort signatures which utilizes minimum amount of CPU and memory. The BSnort stands out from other Network Intrusion Detection Systems (NIDSs) in its integrated use of anomaly detection approach to find out novel attacks using the packet header along with the use of known attack signatures for the payload to pin-point intrusions.