Lead Image © sarah maher, 123RF.com
OPNids: Suricata with built-in machine learning
Packet Checker
Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are some of the classic tools in the administrator's toolbox to counter sophisticated attacks. One popular Linux candidate is the highly functional Suricata [1] (Figure 1).
Figure 1: Suricata is a comprehensive tool for detecting digital attacks. © Linux Screenshots (USA)
Various databases house online attack signatures for Suricata, which the tool uses to examine the data traffic and detect attacks. Much like antivirus programs, however, Suricata can only detect attacks with identified signatures. With the progress made in machine learning over the past few years, efforts have been made to generate new signatures automatically with artificial intelligence (AI) and to enter them into Suricata.
In this article, I first look into Suricata in detail and then introduce the Dragonfly machine learning engine (MLE) [2] specifically designed for Suricata. Finally, I look at OPNids [3], a fork of the OPNsense firewall and routing software that integrates Suricata and Dragonfly.
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Detecting intruders with Suricata
If you're looking for an intrusion detection and prevention system, it pays to shop around. Suricata offers scalable performance and an impressive set of features – it even supports Snort rulesets. - Suricata Intrusion Detection System Fixes Bugs
-
Security analysis with Security Onion
Security Onion offers a comprehensive security suite for intrusion detection that involves surprisingly little work. -
Centralized monitoring and intrusion detection
Security Onion bundles numerous individual Linux tools that help you monitor networks or fend off attacks to create a standardized platform for securing IT environments. -
Arm yourself against cloud attacks
We present approaches and solutions for protecting yourself against attacks in the cloud.