A significant number of cyber assaults are attempted against open source internet support software written in C, C++, or Java. Examples of these software packages include the Apache web server, open source DHCP servers, and network share software such as Samba. These attacks attempt to take advantage of inadvertent flaws left in software systems due to a lack of complete testing, inexperienced developers, intentional backdoors into the system, and other reasons. Detecting all of the flaws in a large system is still a daunting, unrealistic task. If it is not possible to completely secure a system, there is a desire to at least detect intrusion attempts in order to stop them while in progress, or repair the damage at a later date. The information assurance area of expertise known as “intrusion detection” attempts to sense unauthorized attempts to obtain access to or manipulate information, or to deny the information to other legitimate users. There are several traditional methods us...
William R. Mahoney, William L. Sousan