Enhancing intrusion detection system using distributed environment

Abstract EN

The study of Intrusion Detection System (IDS) has become an important aspect of network security.

As soon as the IDS detects a set of attacks it will generate many alerts referring to as security breaches.

Snort IDS is an open source IDS which is suffer from flooding vulnerability if it will be used with fast network.

To solve this problem, we suggest using several Snort sensors with one packet classifier.

Each one of these sensors contains a part of the overall signatures.

A packet classifier is built to distribute the flow over these Snort sensors, and to avoid spread of the same attack over more than one sensor and then avoid detection.

The experimental results, on DARPA 1999 data set, have shown that the efficiency of Snort is enhanced by about 30 %.