i-Guard:
Open-source, Software only, Intrusion Detection System
Nowadays, computer systems have become more vulnerable to intrusions than ever. However, there is a limited number of open-source solutions to intrusion detection. Commercial products and hardware solutions are far too expensive for low-end users and enterprises. Our current research efforts focus on a fast, open-source intrusion detection system based on Snort and enriched with a fast pattern-matching algorithm, E2xB. i-Guard, the system we propose, is faster than existing solutions, even when it operates under attack conditions. Furthermore, it can be installed in every system, as it is a software-only solution, with a minimal cost of installation and maintenance.
Members
Evangelos P. Markatos
Antonatos Spiros
Tsingos Dimitris
Availability
You can download a graphical installer for i-Guard in zip or tar.gz format. The installer was tested for most operating systems.
For installation and usage instructions, you can refer to online manual (also available in pdf format)
Publications
- S. Antonatos, K. G. Anagnostakis, E. P. Markatos, M. Polychronakis. Performance Analysis of Content Matching Intrusion Detection Systems. Proceedings of the International Symposium on Applications and the Internet (SAINT2004), January 2004 (to appear). (pdf)
- K. G. Anagnostakis, E. P. Markatos, S. Antonatos, and M. Polychronakis. E2xB: A domainspecific string matching algorithm for intrusion detection. Proceedings of the 18th IFIP International Information Security Conference (SEC2003), May 2003. (pdf)
- E.P Markatos, S. Antonatos, M. Polychronakis and K.G Anagnostakis.
ExB: Exclusion-based signature matching for intrusion detection.
Proceedings of the IASTED
International Conference on Communications and Computer Networks (CCN),
pp. 146-152, Cambridge, USA, November 2002 (pdf
).
Funding
Fudning for this project is provided by the General Secretariat for Research and Technology through program PRAXE 02-210 "i-Guard: an integrated intrusion detection system for the Internet"
