Hogzilla IDS

...big data technologies empowering your detection capabilities...

Latest News

New maintainer: Starting in October 2019, Hogzilla IDS will be maintained and supported by GuardianKey Cybersecurity. This partnership will bring a breath of fresh air to Hogzilla IDS, enabling advances and improvements in the tool. GuardianKey will keep Hogzilla IDS open source and will offer an enterprise version of Hogzilla, which will be officially supported. More information about GuardianKey Cybersecurity is available at https://guardiankey.io.

Why use Hogzilla IDS

Anomaly-based Intrusion Detection Systems have the following advantages over the pattern-matching (or signature-based) approach:

  • Can detect unknown attacks, including zero-days
  • Can deal with encrypted data
  • Do not require constant signature database updates

Currently, Hogzilla can DETECT:

  • Horizontal port scans
  • Vertical port scans
  • DDoS attacks
  • Abused SMTP servers
  • Servers/hosts being attacked
  • Hosts sending spam
  • Hosts connecting to botnets, executing scans or running worms
  • Hosts being used to execute a DDoS (amplification attacks)
  • P2P communications
  • Media streaming communications
  • DNS tunnels
  • ICMP tunnels
  • Among others

Hogzilla also provides VISIBILITY to your network. It can:

  • Identify, classify and generate charts about network servers
  • Identify Operating Systems for network hosts


Hogzilla IDS can also be used as a framework for scientists to evaluate new anomaly-based approaches.

The name “Hogzilla” is inspired by Snort’s pig and by the elephant commonly used to represent big-data technologies.


Help us improve Hogzilla IDS. Take a look at our Roadmap and contribute by suggesting or developing new features.

How to Contribute

  • Using Hogzilla, identifying bugs and proposing enhancements in our Issue Tracker.
  • Developing, by forking the project on GitHub and submitting pull requests.
  • Documenting, by writing installation guides and tips & tricks.

Mailing List

Get help or contribute to the project by subscribing to our list:

Issue Tracker

The official Issue Tracker for the Hogzilla IDS project is:


More about Hogzilla IDS



Hogzilla is an open-source Intrusion Detection System (IDS) that provides network anomaly detection and is supported by Snort, sFlow, Graylog, Apache Spark, HBase and libnDPI. Hogzilla also gives visibility into the network.

The accompanying video illustrates K-means clustering, one of many methods that Hogzilla can use to identify malicious activity.