Article

Snort - Lightweight Intrusion Detection for Networks

Author:

Martin RoeschAuthors Info & Claims

LISA '99: Proceedings of the 13th USENIX conference on System administration

Pages 229 - 238

Published: 12 November 1999 Publication History

Abstract

Network intrusion detection systems (NIDS) are an important part of any network security architecture. They provide a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alert system administrators when potential hostile traffic is detected. Commercial NIDS have many differences, but Information Systems departments must face the commonalities that they share such as significant system footprint, complex deployment and high monetary cost. Snort was designed to address these issues.

References

[1]

{SHD98} SHADOW, Steven Northcutt et al., Naval Surface Warfare Center Dahlgren Laboratory, 1998, http://www.nswc.navy.mil/ISSEC/CID/.]]

[2]

{TCPD91} tcpdump, Van Jacobson, Craig Leres and Steven McCanne, Lawrence Berkeley National Laboratory, 1991, http://www-nrg.ee.lbl.gov/.]]

[3]

{PCAP94} libpcap, Van Jacobson, Craig Leres and Steven McCanne, Lawrence Berkeley National Laboratory, 1994, http://www-nrg.ee.lbl.gov/.]]

[4]

{DTK98} Deception Toolkit, Fred Cohen & Associates, 1998, http://all.net/dtk/dtk.html.]]

[5]

{GNU89} GNU General Public License, Richard Stallman, 1989, http://www.gnu.org/copyleft/gpl.txt.]]

[6]

{BPF93} "The BSD Packet Filter: A New Architecture for User-level Packet Capture," Steven McCanne, Van Jacobson, USENIX Technical Conference Proceedings, 1993.]]

Digital Library

[7]

{ALE96} "Smashing the Stack for Fun and Profit," Aleph1, Phrack #49, 1996, http://www.phrack.com.]]

[8]

{BTQ99} Bugtraq Mailing List, archives and vulnerability data base are available at Security Focus, http://www.securityfocus.com.]]

[9]

{IISBT99} "NT IIS Showcode ASP Vulnerability," Bugtraq ID #167, Parcens/L0pht, May, 1999, http://www.securityfocus.com.]]

[10]

{OSS98} The Cathedral and the Bazaar, Eric S. Raymond, 1998, http://www.tuxedo.org/~esr/writings/cathedral-bazaar/.]]

[11]

{FYD97} "The Art of Port Scanning," Fyodor, Phrack #51, 1997, http://www.insecure.org/nmap/p51-11.txt.]]

[12]

{SWT92} "Centralized System Monitoring With Swatch," Stephen E. Hansen and E. Todd Atkins, USENIX Seventh Systems Administration Conference, 1993, http://www.stanford.edu/~atkins/swatch/lisa93.html.]]

[13]

{SEDG97} Algorithms in C: Fundamentals, Data Structures, Sorting, Searching, Robert Sedgewick, Addison-Wesely Publishing Company, 1997.]]

Digital Library

[14]

{IRDP99} L0pht Security Advisory, Silicosis and Mudge, August 1999, http://www.l0pht.com/advisories/rdp.txt.]]

[15]

{ALMN99} Sendmail, Eric Allman, 1999 http://www.sendmail.com.]]

[16]

{PTA98} Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Thomas Ptacek and Timothy Newsham, Secure Networks Inc, 1998, http://www.nai.com/services/support/whitepapers/security/IDSpaper.pdf.]]

[17]

{MJR99} Burglar Alarms for Detecting Intrusions, Marcus Ranum, NFR Inc, 1999, http://www.blackhat.com/html/bh-usa-99/bh3-speakers.html.]]

Cited By

Hsieh KWong MSegarra SMani SEberl TPanasyuk ANetravali RChandra RKandula SVanbever LZhang I(2024)NetVigilProceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation10.5555/3691825.3691922(1771-1789)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.5555/3691825.3691922
Wang H(2024)Enhancing Accuracy for Super Spreader Identification in High-Speed Data StreamsProceedings of the VLDB Endowment10.14778/3681954.368198817:11(3124-3137)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.14778/3681954.3681988
Nickel MGöhringer D(2024)A Survey on Architectures, Hardware Acceleration and Challenges for In-Network ComputingACM Transactions on Reconfigurable Technology and Systems10.1145/369951418:1(1-34)Online publication date: 10-Oct-2024
https://dl.acm.org/doi/10.1145/3699514
Show More Cited By

Snort - Lightweight Intrusion Detection for Networks
1. Networks
  1. Network services
2. Social and professional topics
  1. Computing / technology policy

Recommendations

Rule generalisation in intrusion detection systems using SNORT

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS's responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this ...
Building intrusion pattern miner for Snort network intrusion detection system

In this paper, we enhance the functionalities of Snort network-based intrusion detection system to automatically generate patterns of misuse from attack data, and the ability of detecting sequential intrusion behaviors. To that, we implement an ...
Intrusion Detection with Snort

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

LISA '99: Proceedings of the 13th USENIX conference on System administration

November 1999

309 pages

Publisher

USENIX Association

United States

Publication History

Published: 12 November 1999

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

599
Total Citations
View Citations
2
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hsieh KWong MSegarra SMani SEberl TPanasyuk ANetravali RChandra RKandula SVanbever LZhang I(2024)NetVigilProceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation10.5555/3691825.3691922(1771-1789)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.5555/3691825.3691922
Wang H(2024)Enhancing Accuracy for Super Spreader Identification in High-Speed Data StreamsProceedings of the VLDB Endowment10.14778/3681954.368198817:11(3124-3137)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.14778/3681954.3681988
Nickel MGöhringer D(2024)A Survey on Architectures, Hardware Acceleration and Challenges for In-Network ComputingACM Transactions on Reconfigurable Technology and Systems10.1145/369951418:1(1-34)Online publication date: 10-Oct-2024
https://dl.acm.org/doi/10.1145/3699514
Le Glaunec AKong LMamouras K(2024)HybridSA: GPU Acceleration of Multi-pattern Regex Matching using Bit ParallelismProceedings of the ACM on Programming Languages10.1145/36897718:OOPSLA2(1699-1728)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689771
Li WMa DLi ZBao HWang SJin HZhang XLuo BLiao XXu JKirda ELie D(2024)Poster: Towards Real-Time Intrusion Detection with Explainable AI-Based DetectorProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3691410(4934-4936)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3691410
Mamouras KLe Glaunec ALi WChattopadhyay A(2024)Static Analysis for Checking the Disambiguation Robustness of Regular ExpressionsProceedings of the ACM on Programming Languages10.1145/36564618:PLDI(2073-2097)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656461
Ricks BTague PThuraisingham BNatarajan SNiu JVaidya J(2024)Utilizing Threat Partitioning for More Practical Network Anomaly DetectionProceedings of the 29th ACM Symposium on Access Control Models and Technologies10.1145/3649158.3657046(83-91)Online publication date: 24-Jun-2024
https://dl.acm.org/doi/10.1145/3649158.3657046
Freitas SGharib ASerra ESpezzano F(2024)GraphWeaver: Billion-Scale Cybersecurity Incident CorrelationProceedings of the 33rd ACM International Conference on Information and Knowledge Management10.1145/3627673.3680057(4479-4486)Online publication date: 21-Oct-2024
https://dl.acm.org/doi/10.1145/3627673.3680057
Wen ZKong LLe Glaunec AMamouras KYang KTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)BVAP: Energy and Memory Efficient Automata Processing for Regular Expressions with Bounded RepetitionsProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640412(151-166)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640412
Patel NMehtre BWankar R(2024)A computationally efficient dimensionality reduction and attack classification approach for network intrusion detectionInternational Journal of Information Security10.1007/s10207-023-00792-x23:3(2457-2487)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1007/s10207-023-00792-x
Show More Cited By

View Options

View options

Figures

Tables

Media

View Table of Conten