DocumentCode
3747493
Title
Automatic SNORT IDS rule generation based on honeypot log
Author
Albert Sagala
Author_Institution
Cyber Security Research Centre, Faculty of Informatics & Electrical, Del Institute of Technology, Toba Samosir, Indonesia
fYear
2015
Firstpage
576
Lastpage
580
Abstract
The main objective of this research is to integrate honeypot and IDS, which can generate and activate snort rule automatically based on the data sending by honeypot server. The new technic is present in this paper, honeypot will collect the data, send the data to IDS, and then IDS will evaluate and generate the rules automatically. Rule that has been made will be active to filter packets sent by the user on the network. We compare rule generated automatically with default rule in snort system for the same pattern. The performance of the proposed technique was evaluated by measuring the effectiveness of IDS server from the attacking.
Keywords
"Servers","Intrusion detection","Production","IP networks","Information technology","Electrical engineering"
Publisher
ieee
Conference_Titel
Information Technology and Electrical Engineering (ICITEE), 2015 7th International Conference on
Type
conf
DOI
10.1109/ICITEED.2015.7409013
Filename
7409013
Link To Document