Updating snort with a customized controller to thwart port scanning

Wassim El-Hajj, Hazem Hajj, Zouheir Trabelsi, Fadi Aloul

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)


Wired and wireless networks are being attacked and hacked on continuous basis. One of the critical pieces of information the attacker needs to know is the open ports on the victim's machine, thus the attacker does what is called port scanning. Port scanning is considered one of the dangerous attacks that intrusion detection tries to detect. Snort, a famous network intrusion detection system (NIDS), detects a port scanning attack by combining and analyzing various traffic parameters. Because these parameters cannot be easily combined using a mathematical formula, fuzzy logic can be used to combine them; fuzzy logic can also reduce the number of false alarms. This paper presents a novel approach, based on fuzzy logic, to detect port scanning attacks. A fuzzy logic controller is designed and integrated with Snort in order to enhance the functionality of port scanning detection. Experiments are carried out in both wired and wireless networks. The results show that applying fuzzy logic adds to the accuracy of determining bad traffic. Moreover, it gives a level of degree for each type of port scanning attack.

Original languageEnglish
Pages (from-to)807-814
Number of pages8
JournalSecurity and Communication Networks
Issue number8
Publication statusPublished - Aug 2011


  • Fuzzy logic
  • Intrusion detection system
  • Port scanning
  • Snort

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Updating snort with a customized controller to thwart port scanning'. Together they form a unique fingerprint.

Cite this