Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EPIA
2003
Springer
2003
Springer
Using CLIPS to Detect Network Intrusions
We describe how to build a network intrusion detection sensor by slightly modifying NASA’s CLIPS source code introducing some new features. An overview of the system is presented emphasizing the strategies used to inter-operate between the packet capture engine written in C and CLIPS. Some extensions were developed in order to manipulate timestamps, multiple string pattern matching and certainty factors. Several Snort functions and plugins were adapted and used for packet decoding and preprocessing. A rule translator was also built to reuse most of the Snort’s attack signatures. Despite some performance drawbacks, results prove that CLIPS can be used for real-time network intrusion detection under certain conditions. Several attack signatures using CLIPS rules are showed in the appendix. By mixing CLIPS with Snort features, it was possible to introduce flexibility and expressiveness to network intrusion detection.
Real-time TrafficRelated Content
| Added | 06 Jul 2010 |
| Updated | 06 Jul 2010 |
| Type | Conference |
| Year | 2003 |
| Where | EPIA |
| Authors | Pedro Alípio, Paulo Carvalho, José Neves |
Comments (0)
Researcher Info
|
