International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 73 - Number 10
Year of Publication: 2013
Authors: Prathibha P. G, Dileesh E. D
DOI: 10.5120/12775-9226
Prathibha P. G, Dileesh E. D. Design of a Hybrid Intrusion Detection System using Snort and Hadoop. International Journal of Computer Applications. 73, 10 (July 2013), 5-10. DOI=10.5120/12775-9226
Security is the most important issue to be considered in any environment. An attack can be launched from any node. Any such attack should be identified, and subsequent action taken, to avoid further consequences. An intrusion detection system helps identify attacks at an early stage and raises alarms. Such systems should be able to identify almost any kind of attack, whether newly launched or pre-established. This work makes use of the intrusion detection system Snort. The packets captured by Snort are analyzed by the Grid computing framework Hadoop, which is used for Big Data analysis. For more user-friendly analysis, Hive, a data warehouse system for Hadoop, is also provided. For IP addresses that generate a large number of packets, Snort rules are generated so that when the number of packets from a particular source exceeds a given number, the node alerts the other nodes, since an attack is possible.
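The pipeline the abstract describes (count packets per source, then generate Snort rules for the heavy sources) can be sketched as follows. This is an added example, not code from the paper. The fast-alert log format, the function names, the thresholds and the starting `sid` are all assumptions, and the map and reduce steps run in-process here rather than on a Hadoop cluster.

```python
import ipaddress
import re
from itertools import groupby

# Constructed sample in Snort "fast" alert style (assumed format, not paper data).
SAMPLE_LOG = [
    "07/01-10:00:%02d.000000 [**] [1:1000001:1] pkt [**] [Priority: 0] "
    "{TCP} 10.0.0.5:40000 -> 192.168.1.10:80" % i for i in range(5)
] + [
    "07/01-10:00:09.000000 [**] [1:1000001:1] pkt [**] [Priority: 0] {ICMP} 10.0.0.7 -> 192.168.1.10",
    "07/01-10:00:10.000000 [**] [1:1000001:1] pkt [**] [Priority: 0] {UDP} 10.0.0.7:53 -> 192.168.1.10:5353",
    "truncated line with no addresses",
]

# Source address follows the {PROTO} tag; the port is absent for ICMP.
SRC_RE = re.compile(r"\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

def map_phase(lines):
    """Mapper: emit (source_ip, 1) per packet line; skip unparsable input."""
    for line in lines:
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            # Validate before the value can reach a generated rule.
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
        yield ip, 1

def reduce_phase(pairs):
    """Reducer: sum counts per key after the sort that Hadoop's shuffle does."""
    ordered = sorted(pairs)
    return {ip: sum(n for _, n in grp)
            for ip, grp in groupby(ordered, key=lambda kv: kv[0])}

def build_rules(counts, min_packets, count=100, seconds=60, first_sid=1000001):
    """One rate-limited Snort rule per source seen more than min_packets times."""
    noisy = sorted(ip for ip, n in counts.items() if n > min_packets)
    return [
        f'alert ip {ip} any -> $HOME_NET any (msg:"High packet rate from {ip}"; '
        f"detection_filter:track by_src, count {count}, seconds {seconds}; "
        f"sid:{first_sid + i}; rev:1;)"
        for i, ip in enumerate(noisy)
    ]

if __name__ == "__main__":
    totals = reduce_phase(map_phase(SAMPLE_LOG))
    for rule in build_rules(totals, min_packets=3):
        print(rule)
```

With `detection_filter`, Snort raises the alert only after the tracked source exceeds `count` matching packets within `seconds`, which matches the "exceeds a given number" condition in the abstract.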