Objectives: Generate a family of Snort plug-ins (detection plug-ins, preprocessors or output
plug-ins) based on Artificial Intelligence (AI) technologies (e.g. Artificial Neural Networks or Fuzzy
Logic) to detect different kinds of hostile traffic.

Why Artificial Intelligence? In the case of neural networks, this technique simplifies the
developer's work, since it is not necessary to write source code to create one. It is only necessary
to have adequate simulation tools, which will create the code for you.
Artificial Intelligence techniques can be used to learn the network's behavior and then filter the
alarms reported by the IDS, reducing false alarms.
Nowadays, Artificial Intelligence makes it possible to detect small variations of known attacks using
abstraction or human-like reasoning.
Maybe in the future AI can replace the use of static rules and signatures, detecting big variations
and new unknown attacks as a security expert would.

Team:
Andres Arboleda, Developer
Charles Bedon, Developer
Siler Amador, Director

Results at the moment:
The first result of the project is an open source preprocessor called PortscanAI, which uses an
Artificial Neural Network to detect portscans. The tests show that PortscanAI works well at detecting
one-to-one and one-to-many portscans, even with decoy techniques.
More information can be found in the development section.