EPIA'03 - 11th Portuguese Conference on Artificial Intelligence

MAAII -- Multi-Agents and AI for the Internet


Session: December 6, 14:45-16:15, Room A
Title: Using CLIPS to Detect Network Intrusions
Pedro Alípio, Paulo Carvalho, José Neves
Abstract: This paper shows how to build a network intrusion detection system by slightly modifying NASA's CLIPS source code, introducing features such as single and multiple string pattern matching, certainty factors and time-stamp operators. Several Snort functions and plugins were adapted and used for packet decoding and preprocessing to provide the basic requirements for such a system. The integration of CLIPS and Snort features allows the specification of complex stateful network intrusion detection heuristics which can model abstract attack scenarios. The results show that CLIPS can be useful to follow and correlate intruder activities by monitoring network traffic.