Anomaly-based Intrusion Detection Systems have the following advantages when compared to the Pattern Matching (or signature-based) approach.
- Can detect unknown attacks, which includes zero-days
- Can deal with encrypted data
- Do not require constant signature database updates
Currently, Hogzilla can DETECT:
- Horizontal port scans
- Vertical port scans
- DDoS attacks
- Abused SMTP servers
- Servers/hosts being attacked
- Hosts sending spams
- Hosts connecting to botnets, executing scans or running worms
- Hosts being used to execute a DDoS (amplification attacks)
- P2P communications
- Media streaming communications
- DNS tunnels
- ICMP tunnels
- Among others
Hogzilla also provides VISIBILITY to your network. It can:
- Identify, classify and generate charts about network servers
- Identify Operating Systems for network hosts
Click here to see some screenshots
Hogzilla IDS also can be used as a framework for scientists to evaluate new anomaly-based approaches.
The name “Hogzilla” is inspired on the Snort’s pig and on the elephant, commonly used to refer to big-data technologies.