CFP last date
20 December 2024
Reseach Article

Design of a Hybrid Intrusion Detection System using Snort and Hadoop

by Prathibha P. G, Dileesh E. D
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 73 - Number 10
Year of Publication: 2013
Authors: Prathibha P. G, Dileesh E. D
10.5120/12775-9226

Prathibha P. G, Dileesh E. D . Design of a Hybrid Intrusion Detection System using Snort and Hadoop. International Journal of Computer Applications. 73, 10 ( July 2013), 5-10. DOI=10.5120/12775-9226

@article{ 10.5120/12775-9226,
author = { Prathibha P. G, Dileesh E. D },
title = { Design of a Hybrid Intrusion Detection System using Snort and Hadoop },
journal = { International Journal of Computer Applications },
issue_date = { July 2013 },
volume = { 73 },
number = { 10 },
month = { July },
year = { 2013 },
issn = { 0975-8887 },
pages = { 5-10 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume73/number10/12775-9226/ },
doi = { 10.5120/12775-9226 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:39:42.026113+05:30
%A Prathibha P. G
%A Dileesh E. D
%T Design of a Hybrid Intrusion Detection System using Snort and Hadoop
%J International Journal of Computer Applications
%@ 0975-8887
%V 73
%N 10
%P 5-10
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Security is the most important issue that is to be considered in any environment. Any attack can be launched from any node. Any of these attacks should be identified and subsequent actions should be taken to avoid further consequences. An intrusion detection system helps in identifying the attacks at the early stage and give alarms. These intrusion detection systems should be able to identify almost any kind of attacks, be it a newly launched one or a pre-established one. In this work, the intrusion detection system Snort is made use of . In this work, the packets captured by Snort is analyzed by the Grid computing framework Hadoop, which is used for Big Data Analysis. For more user friendlier analysis a data warehouse system for Hadoop, Hive is also provided. For those ip addresses that generate large number of packets, Snort rules will be generated so that when the number of packets from a particular source exceeds a number, the node will generate alerts to other nodes since there is a possibility of attack.

References
  1. W. Chen, W. Kuo and Y. Wang, Building IDS Log Analysis System on Novel Grid Computing Architecture, National Center for High-Performance Computing, Taiwan,2009
  2. Y. Lee, W. Kang, Y. Lee, A Hadoop-based Packet Trace Processing Tool, Proceedings of Third International Workshop on Traffic Monitoring and Analysis,2011,pp: 51-63
  3. Y. Lee, W. Kanf, H. Son, An Internet Traffic Analysis Method with MapReduce,IEEE/IFIP Network Operations and Management Symposium Workshops,2010 ,pp:357-361
  4. X. Fang ,Integrating Artificial Intelligence into Snort IDS, Proc of 3rd International Workshop on Intelligent Systems and Applications, May 2011,pp: 1- 4
  5. B. E. Lavender, Implementation of Genetic Algorithm into a Network Intrusion Detection System (netGA) and Integrating to nProbe , Thesis Work
  6. J. Gomez, C. Gil , N. Padilla , R. Banos, C. Jimenez, Design of a Snort-Based Hybrid Intrusion Detection System, Proceedings of the 10th International Work-Conference on Artificial Neural Networks, 2009,pp: 515- 522,
  7. M. Roesch ,Snort Lightweight Intrusion Detection for Networks, Proc of LISA '99: 13th Systems Administration Conference, 1999 ,pp:230- 238
  8. T. White and P. W. Daly, Hadoop-The Definitive Guide, O'Reilly
  9. A. Thushoo et. al. ,Hive A Petabyte Scale Data Warehouse Using Hadoop, Proceedings of ICDE Conference,2010 ,pp:996-1004
Index Terms

Computer Science
Information Sciences

Keywords

Hadoop Hive MapReduce Snort RulesKeyword