Snort-AI

Bringing intelligence to network security


About


Project

Description

This project aims to develop a family of Snort components (detection plug-ins, preprocessors or output plug-ins) based on Artificial Intelligence technologies (e.g. Neural Networks, Fuzzy Logic, etc.) to detect hostile traffic (portscan, XSS, SQL Injection, Directory Traversal, Remote Buffer Overflow, etc.).

Objectives

Long Term Objectives

  • To build a comprehensive knowledge base around network attacks (RBOF, XSS, SQLI) and other security compromises from the AI perspective.
  • To mature AI-based application development for use in the field of network management.
  • To encourage the community to consider AI technologies as feasible and reliable choices for solving problems usually addressed from a conventional programming point of view, where they apply.

Short Term Objectives

  • To complete the development of portscan-AI and other AI-based preprocessors and plugins.
  • To enhance, extend, and standardize the web console as a way to didactically watch the AI-based preprocessors' behavior, using their inputs and outputs as metrics.
  • To generate development documentation about Snort as the needs make us dig deeper into its code.

Status

So far, there is only one Snort preprocessor: Portscan-AI. As its name suggests, it detects portscan attacks. It has been benchmarked against the default one (based on rules) and the results are pretty good (memory consumption and amount of false positives/negatives are better than spp_portscan). More information about the benchmark here (in Spanish, translations are welcome).

See our roadmap here.

Team

Charles Bedón

I'm a 26-year-old Colombian Electronic and Telecommunications engineer with a Telematics emphasis. Currently, I'm working around OSS/BSS integration and ITIL consultancy. I love soccer, music, rides to the country and FOSS. This is the very first project I've got involved in as a developer (I've participated before in others as translator and tester). Mail me at snookiex--at--gmail--dot--com

Alan Saied

Mainly involved in Network Security, in particular DDoS attacks, and also work as a Linux SysAdmin and programmer. Snort-AI is an interesting project and we are working hard to improve and provide more and more security plugins. Mail me on alan dot saied at gmail.com


Last Updated on Sunday, 14 February 2010 10:04