idsresearch.org  ::  about intrusion detection
Snort IDS  ::  updated 1.26.2004
Daniel Roelker, Marc Norton
The Snort IDS project page contains papers and code that mnorton and djr have contributed to the Snort IDS. To date, the most significant contributions have been the new Snort 2.0 detection engine, containing the rule optimizer, the high-speed multi-rule detection engine, and the protocol flow analyzer.

We've also contributed a performance monitor preprocessor that measures the relative and absolute performance of Snort on your machine and gives a breakdown of the network traffic and flows that Snort is analyzing.

Coming soon is a new HTTP protocol decoder that handles the evasions discussed in the HTTP IDS Evasions project.

Download Papers:
  Snort™ High Performance Multi-Rule Inspection Engine
  Snort™ Protocol Flow Analyzer
  Snort™ Rule Optimizer

Download Code:
  High Performance Multi-Rule Inspection Engine
  fpcreate.c fpcreate.h
  fpdetect.c fpdetect.h
  mpse.c mpse.h
  mwm.c mwm.h
  acsmx.c acsmx.h

  Rule Optimizer
  pcrm.c pcrm.h

  Performance Monitor
  perf.c perf.h
  perf-base.c perf-base.h
  perf-flow.c perf-flow.h
  perf-event.c perf-event.h
  spp_perfmonitor.c spp_perfmonitor.h