An Intelligence Defense System with SNORT Rules

2023 25th International Conference on Advanced Communication Technology (ICACT) (2023)

Abstract
Misconfiguration of firewall rules has always been considered a serious issue. Handwritten rules become messy and buggy under increasingly complex firewall architectures. To avoid being attacked behind an insecure firewall, this study defines an intelligence defense system that combines data analysis, feature extraction, optimization, and firewall technology. Its main purpose is to replace handwritten firewall rules and provide immediate and reliable protection against diversified attacks. In the verification, 68,936,206 packets collected by a Cowrie honeypot were used as the test data. The accuracy rate of classifying different attack behaviors reached 99.5%, and the packet coverage of the Snort rules reached 98%. This thesis proposes a system that can effectively identify and defend against diverse attacks.
Keywords
MITRE ATT&CK, K-means, PCRE Regular Expression, Snort Rule