Why use Hogzilla IDS

Anomaly-based Intrusion Detection Systems have the following advantages over the pattern-matching (or signature-based) approach:

  • Can detect unknown attacks, including zero-days
  • Can deal with encrypted data
  • Do not require constant signature database updates

Currently, Hogzilla can DETECT:

  • Horizontal port scans
  • Vertical port scans
  • DDoS attacks
  • Abused SMTP servers
  • Servers/hosts being attacked
  • Hosts sending spam
  • Hosts connecting to botnets, executing scans or running worms
  • Hosts being used to execute a DDoS (amplification attacks)
  • P2P communications
  • Media streaming communications
  • DNS tunnels
  • ICMP tunnels
  • Among others

Hogzilla also provides VISIBILITY to your network. It can:

  • Identify, classify and generate charts about network servers
  • Identify Operating Systems for network hosts

Hogzilla IDS can also be used as a framework for scientists to evaluate new anomaly-based approaches.

The name “Hogzilla” is inspired by Snort’s pig and by the elephant commonly used to refer to big-data technologies.