Hello everyone! I want to develop a Signature Based Distributed Intrusion Detection System (DIDS) to detect distributed intrusions in Cloud environment. Yes, I intend to deploy it in CloudStack.
I want to modify the correlation module to enhance detection capability already being provided by Snort. Can you please help me in selection of a good technique to improve correlation module? Thanks and Regards, Robert