Homework #4 - Network Intrusion Detection Systems - Due Wed Sep 7, 11PM
Turn in this assignment via email (email@example.com, plain text)
by the due date, with the term Homework in the Subject.
Read the paper
Bro: A System for Detecting Network Intruders in Real-Time, Vern Paxson, Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999.
(It's fine to skip the appendix.)
Briefly write up your views of:
- What are the main contributions of this paper?
- What parts of the paper do you find unclear? (optional)
- What parts of the paper are questionable? (That is, you think a
conclusion may be wrong, an approach or evaluation technically
flawed, or data ill-presented.)
- A popular open-source NIDS today is Snort. What can
you determine about its overall architecture and its model
of how to detect attacks? What do you see as its strength
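As an added illustration for the Snort question (this is not part of the assignment and is not Snort's own code), the following Python sketches the detection model a classic Snort rule expresses: a header that selects traffic by protocol, addresses and ports, plus options that test the packet payload (content:, nocase, dsize:). The three rules, the $HOME_NET binding and the packets are all constructed for the example; a real ruleset has many more option keywords and the matcher below handles only the ones shown.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed rules in classic Snort syntax (not from the Snort distribution).
RULES = r'''
alert tcp any any -> $HOME_NET 80 (msg:"WEB cmd.exe access"; content:"cmd.exe"; nocase; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 21 (msg:"FTP SITE EXEC"; content:"SITE EXEC"; sid:1000002; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"DNS large query"; dsize:>512; sid:1000003; rev:1;)
'''

# Assumed variable binding, as a snort.conf "var HOME_NET ..." line would supply.
VARS = {"$HOME_NET": "10.0.0.0/8"}

# action proto src sport -> dst dport (options)   (unidirectional rules only)
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    sid: int
    content: Optional[bytes]
    nocase: bool
    dsize: Optional[str]


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def parse_options(text: str) -> Dict[str, List[str]]:
    """Split 'key:value; flag; ...' into a dict; values may not contain ';'."""
    opts: Dict[str, List[str]] = {}
    for item in text.split(';'):
        item = item.strip()
        if item:
            key, _, val = item.partition(':')
            opts.setdefault(key.strip(), []).append(val.strip().strip('"'))
    return opts


def parse_rule(line: str) -> Rule:
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    opts = parse_options(m.group('opts'))
    content = opts.get('content', [None])[0]
    return Rule(m.group('action'), m.group('proto'), m.group('src'), m.group('sport'),
                m.group('dst'), m.group('dport'), opts.get('msg', [''])[0],
                int(opts['sid'][0]), content.encode() if content else None,
                'nocase' in opts, opts.get('dsize', [None])[0])


def addr_matches(spec: str, addr: str) -> bool:
    spec = VARS.get(spec, spec)
    return spec == 'any' or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec: str, port: int) -> bool:
    return spec == 'any' or int(spec) == port


def dsize_matches(spec: Optional[str], size: int) -> bool:
    if spec is None:
        return True
    if spec[0] in '<>':
        return size > int(spec[1:]) if spec[0] == '>' else size < int(spec[1:])
    return size == int(spec)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header fields first, then payload options: the signature model in one place."""
    if rule.proto != pkt.proto:
        return False
    if not (addr_matches(rule.src, pkt.src) and port_matches(rule.sport, pkt.sport)
            and addr_matches(rule.dst, pkt.dst) and port_matches(rule.dport, pkt.dport)):
        return False
    if not dsize_matches(rule.dsize, len(pkt.payload)):
        return False
    if rule.content is not None:
        hay, needle = pkt.payload, rule.content
        if rule.nocase:
            hay, needle = hay.lower(), needle.lower()
        return needle in hay
    return True


def detect(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """One '[sid] msg' entry per (packet, rule) match, in packet order."""
    return [f"[{r.sid}] {r.msg}" for p in packets for r in rules if rule_matches(r, p)]


RULESET = [parse_rule(l) for l in RULES.strip().splitlines()]

# Constructed traffic, not a real capture. The last packet leaves $HOME_NET and must not alert.
PACKETS = [
    Packet("tcp", "192.0.2.7", 51000, "10.1.2.3", 80, b"GET /scripts/..%255c../winnt/system32/CMD.EXE?/c+dir HTTP/1.0\r\n"),
    Packet("tcp", "192.0.2.7", 51001, "10.1.2.3", 80, b"GET /index.html HTTP/1.0\r\n"),
    Packet("tcp", "192.0.2.9", 40000, "10.1.2.4", 21, b"SITE EXEC %p%p%p\r\n"),
    Packet("udp", "192.0.2.9", 40001, "10.1.2.5", 53, b"\x00" * 600),
    Packet("udp", "192.0.2.9", 40002, "203.0.113.5", 53, b"\x00" * 600),
]

if __name__ == "__main__":
    for alert in detect(RULESET, PACKETS):
        print(alert)
```

Running it alerts on the first, third and fourth packets only. Note what the model does and does not see: each decision is per packet against a fixed pattern, with no notion of the connection or the application dialogue, which is the contrast to keep in mind when comparing it with Bro's event-driven policy scripts.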
Do one of the following:
- Investigate (say a half hour's worth) a modern commercial
intrusion detection/prevention system. (It's fine if it's
host-based rather than network-based.) What can you determine
about its technical underpinnings? How does its approach compare
to those of Bro and Snort? Provide URL(s) to the information you
used in your assessment.
- Familiarize yourself with the current state of Bro as
discussed at the Bro web site.
What changes/enhancements to the system strike you as the most
significant compared to what's described in the original paper?
What changes/enhancements did you expect to find (in terms of
being important) that you didn't? Why do you think those are