-1

I am currently working on a project "Creating rules for network intrusion detection for Snort IDS". Snort IDS uses network packet header attributes (e.g. TTL, IP, etc.) for the rules. I am currently using the KDD 1999 dataset for the rule creation part. But I am finding it hard to map KDD attributes to TCP header attributes. Is there any new dataset which I can use to create the rules for Snort?

NorthCat
  • 9,643
  • 16
  • 47
  • 50

2 Answers

0

It is better to use your own traffic trace.

Wireshark or MS Network Monitor.

These tools help you collect an application's traffic.

http://snorgen.korea.ac.kr/ this web site might help you create snort rule.

0

If you are referring to the 44 KDD features, then notice that these are aggregated features (most of them). If you want to encode them in Snort-style rules, you need to reverse engineer (in a way) the feature set, i.e. go from feature values back to received packets. Snort has temporal-style rules (if I remember) by which you can define rules across packets. I am not sure how easy/difficult it is, though.

Sanjay
  • 95
  • 2
  • 14
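To make the "aggregated features" point concrete, here is an added example (not part of either answer) that computes two KDD'99 window features, `count` and `serror_rate`, from a constructed connection trace and sketches the nearest Snort construct, a `detection_filter` over the same two-second window. The trace values, rule text and SID are constructed for illustration.

```python
"""KDD'99 aggregated features vs. per-packet Snort fields.

KDD "count"       = connections to the same destination host as the current
                    connection within the past two seconds.
KDD "serror_rate" = fraction of those connections with a SYN error
                    (KDD flags S0, S1, S2, S3).
Neither is a header field; Snort can only approximate them with a windowed
counter such as detection_filter (track by_dst, count N, seconds 2).
"""
from collections import namedtuple

# Constructed sample trace (timestamp, src, dst, kdd_flag). Not real traffic.
Conn = namedtuple("Conn", "ts src dst flag")
SAMPLE_TRACE = [
    Conn(0.0, "10.0.0.5", "10.0.0.9", "SF"),
    Conn(0.4, "10.0.0.5", "10.0.0.9", "S0"),
    Conn(0.9, "10.0.0.7", "10.0.0.9", "S0"),
    Conn(1.5, "10.0.0.5", "10.0.0.9", "S0"),
    Conn(1.9, "10.0.0.5", "10.0.0.2", "SF"),
    Conn(3.0, "10.0.0.5", "10.0.0.9", "SF"),
]
SYN_ERROR_FLAGS = {"S0", "S1", "S2", "S3"}
WINDOW_SECONDS = 2.0


def kdd_count_features(trace, idx, window=WINDOW_SECONDS):
    """Return (count, serror_rate) for trace[idx]: look back over earlier
    connections to the same destination host within `window` seconds
    (the current connection is included, as in KDD'99)."""
    cur = trace[idx]
    same_host = [c for c in trace[: idx + 1]
                 if c.dst == cur.dst and cur.ts - c.ts <= window]
    count = len(same_host)
    serrors = sum(1 for c in same_host if c.flag in SYN_ERROR_FLAGS)
    return count, round(serrors / count, 2)


def snort_detection_filter(count, window=WINDOW_SECONDS):
    """Sketch the closest Snort construct: a per-destination SYN rate check
    over the same window. Illustrative rule text, not a generated signature."""
    return (f"alert tcp any any -> $HOME_NET any (msg:\"KDD count>={count} "
            f"approximation\"; flags:S; detection_filter:track by_dst, "
            f"count {count}, seconds {int(window)}; sid:1000001; rev:1;)")


if __name__ == "__main__":
    for i, c in enumerate(SAMPLE_TRACE):
        print(c.ts, c.dst, kdd_count_features(SAMPLE_TRACE, i))
    print(snort_detection_filter(3))
```

The feature values drop again at t=3.0 once the earlier connections leave the window, which is the behaviour a single-packet header rule cannot express.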