
New Open Source Intrusion Detector Suricata Released

Posted by timothy
from the open-but-not-promiscuous dept.
richrumble writes "The OISF has released the beta version of the Suricata IDS/IPS engine: The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-Threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP Matching and, coming soon, hardware acceleration on CUDA and OpenCL GPU cards."

  • Re:huh (Score:2, Informative)

    by richrumble (988398) on Thursday December 31, 2009 @05:01PM (#30610310)
    From the INSTALL doc: Suricata is compatible with standard Snort rulesets. A sample standard configuration file can be found in the Suricata base directory. This file is called 'suricata.yaml'. I've just now got it installed, going to investigate further...
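    Since the INSTALL doc says Suricata loads standard Snort-format rulesets, here is an added example (not code from the Suricata project or from the poster) of what a loader has to do with such a file: split each rule into its header fields and option list, and flag rules with a missing or duplicated sid before they go into production. The rules it parses are constructed samples, not signatures from any real ruleset.

```python
import re
# Constructed sample ruleset in Snort/Suricata signature syntax (not from the page); the third
# rule deliberately reuses sid 1000001 so the lint pass below has something to report.
SAMPLE_RULES = """
# comment and blank lines are skipped by the parser
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB traversal; constructed"; flow:to_server,established; content:"/etc/passwd"; nocase; sid:1000001; rev:2;)
alert udp any any -> $HOME_NET 53 (msg:"DNS query"; content:"|01 00 00 01|"; sid:1000002; rev:1;)
drop tcp any any -> any 445 (msg:"SMB blocked"; sid:1000001; rev:1;)
"""
# Header: action proto src sport direction dst dport, then the option body in parentheses.
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")
# A ';' that is followed by an even number of double quotes is outside any quoted value.
OPT_SPLIT_RE = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')

def split_options(text):
    """Turn 'msg:"a; b"; nocase; sid:1;' into [('msg', 'a; b'), ('nocase', None), ('sid', '1')]."""
    opts = []
    for tok in (t.strip() for t in OPT_SPLIT_RE.split(text) if t.strip()):
        key, sep, val = tok.partition(":")  # flag keywords such as 'nocase' carry no value
        opts.append((key.strip(), val.strip().strip('"') if sep else None))
    return opts

def parse_ruleset(text):
    """Return one dict per rule: header fields plus an ordered (keyword, value) option list."""
    rules = []
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError("malformed rule: " + line)
        rule = m.groupdict()
        rule["options"] = split_options(rule.pop("opts"))
        rules.append(rule)
    return rules

def lint(rules):
    """Flag rules without a sid and rules whose sid collides with an earlier one."""
    problems, seen = [], {}
    for r in rules:
        o = dict(r["options"])  # fine for sid and msg, which appear once per rule
        sid = o.get("sid")
        if sid is None:
            problems.append("missing sid: %r" % o.get("msg"))
        elif sid in seen:
            problems.append("duplicate sid %s: %r and %r" % (sid, seen[sid], o.get("msg")))
        seen.setdefault(sid, o.get("msg"))
    return problems
```

    Running `lint(parse_ruleset(SAMPLE_RULES))` reports the sid collision between the first and third sample rules; a malformed header raises ValueError rather than being silently skipped.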
  • Re:Promising (Score:5, Informative)

    by FooAtWFU (699187) on Thursday December 31, 2009 @05:14PM (#30610438)
    That is interesting to me. CUDA can easily provide parallelization of bulk mathematical operations, but it's notoriously weak with conditional logic. Are they doing a whole lot of math on the side -- perhaps with some fancy anomaly-detection algorithms that work by clustering packet attributes in multidimensional spaces, or approximate nonnegative matrix factorization, or such?
  • Re:Promising (Score:5, Informative)

    by PatDev (1344467) on Thursday December 31, 2009 @05:38PM (#30610600)

    Maybe I'm missing something, but as someone who has worked with the techniques referenced in the parent post, I'm not sure where the funny mod came from. Both clustering packet attributes and nonnegative matrix factorizations could be used for anomaly detection. And as someone who has also worked on CUDA a good bit, I think both of those problems have solutions that fit CUDA's concurrency model.

    I get the impression that the mods saw big words and assumed this was a joke about buzzwords, but in fact that's a reasonable approach to this problem.

  • More info (Score:4, Informative)

    by methamorph (950510) on Thursday December 31, 2009 @05:47PM (#30610662)
    Since the original site is slashdotted, some more info can be read here [seclists.org]
