i d s r e s e a r c h . o r g  ::  about intrusion detection    a b o u t  
   
   
   
   
   
   
   
   
   
   
 -: m e n u :- 
 +  home
   projects
 +  papers
 +  code
 +  links
Snort IDS  ::  updated 1.26.2004
Daniel Roelker, Marc Norton
 
    
The Snort IDS project page contains papers and code that mnorton and djr have contributed to the Snort IDS. To date, the most significant contributions have been the new Snort 2.0 detection engine, containing the rule optimizer, the high-speed multi-rule detection engine, and the protocol flow analyzer.

We've also contributed a performance monitor preprocessor that measures the relative and absolute performance of Snort on your machine and gives a breakdown of the network traffic and flows that Snort is analyzing.

Coming soon is a new HTTP protocol decoder that handles the evasions that are discussed in the HTTP IDS Evasions project.

Dowload Papers:
  Snort™ High Performance Multi-Rule Inspection Engine
  Snort™ Protocol Flow Analyzer
  Snort™ Rule Optimizer

Download Code:
  High Performance Multi-Rule Inspection Engine
   fpcreate.c fpcreate.h
   fpdetect.c fpdetect.h
   mpse.c mpse.h
   mwm.c mwm.h
   acsmx.c acsmx.h
   bitop.h

   Rule Optimizer
   pcrm.c pcrm.h

   Performance Monitor
   perf.c perf.h
   perf-base.c perf-base.h
   perf-flow.c perf-flow.h
   perf-event.c perf-event.h
   spp_perfmonitor.c spp_perfmonitor.h