IPS - signature detection - query - Security


Thread: IPS - signature detection - query

  1. IPS - signature detection - query

    Hi All,
    I wish to write a module for a signature-based detection engine.
    Could anyone who knows about IPS/IDS development please give me some
    samples, or tell me which source file of Snort implements
    signature detection? Thanks in advance.

    Regards,
    Halid Umar


  2. Re: IPS - signature detection - query

    Halid Umar A M wrote:

    > Hi All,
    > I wish to write a module for a signature-based detection engine.
    > Could anyone who knows about IPS/IDS development please give me some
    > samples, or tell me which source file of Snort implements
    > signature detection? Thanks in advance.
    >


    Not something you know a lot about, I guess. The answer is that the signature
    recognition system is a highly complex and optimized finite state machine.
    For most applications it's far too complex to design by hand, so you need
    some AI. The problem with path searching systems is that it's a particularly
    bad problem domain for finding local minima, so 'fuzzier' approaches like
    genetic algorithms tend to work best.

    HTH

    C.
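
The reply above describes signature recognition as a finite state machine. As an added example (not part of the thread and not Snort's code), here is one standard automaton for matching many byte signatures in a single pass over a payload, Aho-Corasick. The choice of algorithm is an assumption about the kind of state machine meant, and the signature names, patterns and payload are constructed for illustration.

```python
from collections import deque

# Constructed sample signatures and payload (not taken from any real rule set).
SIGNATURES = {"dir-traversal": b"../..", "passwd-file": b"/etc/passwd"}
SAMPLE_PAYLOAD = b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n"

def build_automaton(signatures):
    """Compile {name: byte pattern} into Aho-Corasick goto/fail/output tables."""
    goto, fail, out = [{}], [0], [[]]   # state 0 is the root
    for name, pattern in signatures.items():
        if not pattern:
            raise ValueError(f"empty pattern for signature {name!r}")
        state = 0
        for byte in pattern:            # extend the trie one byte at a time
            if byte not in goto[state]:
                goto.append({})
                fail.append(0)
                out.append([])
                goto[state][byte] = len(goto) - 1
            state = goto[state][byte]
        out[state].append((name, len(pattern)))
    queue = deque(goto[0].values())     # depth-1 states fall back to the root
    while queue:                        # breadth-first: shallower states first
        state = queue.popleft()
        for byte, nxt in goto[state].items():
            queue.append(nxt)
            f = fail[state]
            while f and byte not in goto[f]:
                f = fail[f]
            fail[nxt] = goto[f].get(byte, 0)
            out[nxt] = out[nxt] + out[fail[nxt]]  # inherit shorter suffix matches
    return goto, fail, out

def scan(payload, automaton):
    """Single pass over payload; returns [(signature name, start offset), ...]."""
    goto, fail, out = automaton
    state, alerts = 0, []
    for pos, byte in enumerate(payload):
        while state and byte not in goto[state]:
            state = fail[state]         # mismatch: fall back, never re-read input
        state = goto[state].get(byte, 0)
        for name, length in out[state]:
            alerts.append((name, pos - length + 1))
    return alerts

if __name__ == "__main__":
    for name, offset in scan(SAMPLE_PAYLOAD, build_automaton(SIGNATURES)):
        print(f"ALERT {name} at byte offset {offset}")
```

In the sample payload the second signature begins on the last byte region of the first; the failure links carry the automaton from one match into the next without rescanning any input.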

