Updating snort with a customized controller to thwart port scanning

Wired and wireless networks are being attacked and hacked on continuous basis. One of the critical pieces of information the attacker needs to know is the open ports on the victim’s machine, thus the attacker does what is called port scanning. Port scanning is considered one of the dangerous attacks that intrusion detection tries to detect. Snort, a famous network intrusion detection system (NIDS), detects a port scanning attack by combining and analyzing various traffic parameters. Because these parameters cannot be easily combined using a mathematical formula, fuzzy logic can be used to combine them; fuzzy logic can also reduce the number of false alarms. This paper presents a novel approach, based on fuzzy logic, to detect port scanning attacks. A fuzzy logic controller is designed and integrated with Snort in order to enhance the functionality of port scanning detection. Experiments are carried out in both wired and wireless networks. The results show that applying fuzzy logic adds to the accuracy of determining bad traffic. Moreover, it gives a level of degree for each type of port scanning attack.