Skip to Main content Skip to Navigation
Journal articles

Optimisation de la détection de Snort par le préprocesseur Global SPADE

Abstract : In this paper, we propose a new intrusion detection system (IDS) approach based on the Snort IDS. In fact, current IDS showed unsatisfactory performances in terms of detection. Snort is a prevention and intrusion detection system, which combines the techniques of based-signature detection and based-statistical detection; the latter is the case of the preprocessor SPADE which is based on the probabilities and the Bayesian networks in order to identify scores of abnormal packets in an IP network. SPADE improves the detection yet it increases the number of the false positive alarms. For these reasons, we propose a cooperation approach among the SPADE preprocessors of several IDS, in order to improve the intrusions detection and minimize the number of the false positive alarms. In this article, we present the architecture of our Global SPADE preprocessor. We believe that this approach should optimize the detection capability in a fully distributed and autonomous environment.
Document type :
Journal articles
Complete list of metadatas

https://hal-utt.archives-ouvertes.fr/hal-02618734
Contributor : Jean-Baptiste Vu Van <>
Submitted on : Monday, May 25, 2020 - 3:23:10 PM
Last modification on : Friday, October 16, 2020 - 12:42:12 AM

Identifiers

  • HAL Id : hal-02618734, version 1

Collections

Citation

Rida Khatoun, Dominique Gaïti, Leila Merghem-Boulahia, Ahmed Serhrouchni. Optimisation de la détection de Snort par le préprocesseur Global SPADE. REE - Revue de l’électricité électronique, See, 2008, 9 (79), pp.88-93. ⟨hal-02618734⟩

Share

Metrics

Record views

12