Speed enhancement of snort network intrusion detection system

Abstract EN

Network Intrusion Detection System (NIDS) is a security technology that attempts to identify intrusions.

Snort is an open source NIDS which enables us to detect the previously known intrusions.

However, Snort NIDS has several problems one of them is the efficiency problem.

We suggest using distributed environment in order to enhance it.

We achieved this goal by enhancing the Snort’s string matching engine through using a LAN of computers, where each computer in the LAN matching a subset of the monitored attacks.

The experimental results show that it is possible to improve Snort’s efficiency using distributed environment.