Snort +AI Project



Objectives

Generate a family of Snort plug-ins (Detection plug-ins, preprocessors or output plug-ins) based on Artificial Intelligence (AI) technologies (i.e. Artificial Neural Networks or Fuzzy Logic) to detect different kinds of hostile traffic.

Why Artificial Intelligence?

In the case of neural networks, the technique simplifies the developer's work, since it is not necessary to write source code to create one. It is only necessary to have adequate simulation tools, and they will create the code for you.
Artificial Intelligence techniques can be used to learn the network's behavior and then filter the alarms reported by the IDS, to reduce false alarms.
Nowadays, Artificial Intelligence makes it possible to detect small variations of known attacks using abstraction or human-like reasoning.
Maybe in the future, AI can replace the use of static rules and signatures, detecting big variations and new, unknown attacks as a security expert would.

Team:

Andres Arboleda, Developer
Charles Bedon, Developer
Siler Amador, Director

Results so far:

The first result of the project is an open source preprocessor called PortscanAI, which uses an Artificial Neural Network to detect portscans. The tests show that PortscanAI works well at detecting one-to-one and one-to-many portscans, even with decoy techniques.
More information can be found in the development section.