AI-driven snort-based intrusion detection system for cloud networks

Presentation Type

Abstract

Faculty Advisor

Bharath Kumar Samanthula

Access Type

Event

Start Date

25-4-2025 1:30 PM

End Date

25-4-2025 2:29 PM

Description

As cyber threats grow in complexity, traditional Snort-based Intrusion Detection Systems (IDS) face limitations in detecting sophisticated attacks such as zero-day exploits and network anomalies. This project introduces an AI-enhanced Network Intrusion Detection System (NIDS) that integrates Snort with Machine Learning (ML) to improve real-time threat detection in cloud environments. The system operates within a virtualized testbed built on VirtualBox, where real-world cyberattacks (e.g., SYN floods, brute-force attacks, and port scans) are simulated using tools such as Nmap, Hydra, and Nikto. Network packets are captured and analyzed with Scapy, and an ML model is trained with Scikit-Learn to classify network activity as benign or malicious. The model leverages key network attributes, including protocol type, TCP flags, packet length, and TTL values, to detect anomalies that a traditional rule-based IDS might overlook. This research demonstrates the effectiveness of hybrid intrusion detection, where signature-based detection (Snort) is complemented by behavioral analysis (ML) to improve threat detection accuracy. The system is evaluated on detection rate, false positives, and processing efficiency, showcasing its potential for next-generation cybersecurity solutions in cloud computing and enterprise networks. (Tools & Technologies: Snort, Python, Scapy, Scikit-Learn, Nmap, VirtualBox, Linux, Network Traffic Analysis, Machine Learning)

Comments

Poster presentation at the 2025 Student Research Symposium.
