SNORT is popular Network Intrusion Detection System (NIDS) tool that currently uses a custom rule based system to identify attacks. This presentation emphasizes on writing the algorithm to write generate the rules through GA and the integration of them into nProbe, a similar network monitoring tool written by Luca Deri with a plug-in architecture.
Genetic Algorithms are dependent upon identifying attributes to describe a problem and evolving a desired population. In this case, the problem is an attack through the network and identifying the attack through connection property attributes. Genetic Algorithms depends upon training data. DARPA datasets provide training data, in categorized format (attack vs. normal) along with a corresponding raw network recorded format called tcpdump. nProbe has a plug-in architecture allowing for customization.
This presentation explains original code in C to evolve rules. It uses the same chromosome attributes used by Gong. The development verifies and contrasts against the research performed by Gong. It also presents the code for integration into nProbe.
For information on exhibition and sponsorship opportunities at the conference, contact Sharon Cordesse at firstname.lastname@example.org
Download the OSCON Sponsor/Exhibitor Prospectus
For media-related inquiries, contact Maureen Jennings at email@example.com
To stay abreast of conference news and to receive email notification when registration opens, please sign up for the OSCON Newsletter (login required)
Have an idea for OSCON to share? firstname.lastname@example.org
View a complete list of OSCON contacts