Enhancing community SQL injection rule in intrusion detection system using snort with email notifications / Nur Athirah Noor Mohamad, Noor Ashitah Abu Othman and Mohd Hafifi Mohd Supir

This project focuses on enhancing the precision and recall rates of community-based intrusion detection systems, specifically targeting SQL injection attacks within the context of Snort. The study involves the integration of modified rules employing PCRE (Perl Compatible Regular Expressions) and fast pattern matching to improve the accuracy and performance of the intrusion detection system. Experimental results demonstrate a notable reduction in false positives and a perfect recall rate, showcasing the efficacy of the enhanced rules. The virtualized testing environment, comprising a Snort-protected server, a simulated attacker using Kali Linux and Metasploitable 2, and a vulnerable system facilitates a thorough evaluation of Snort's response to cyber threats. While acknowledging limitations and the controlled nature of the testing, this research emphasizes the importance of leveraging advanced technologies to fortify intrusion detection systems against evolving cybersecurity challenges. The incorporation of PCRE and fast pattern matching stands as a significant contribution to improving rule matching accuracy and overall system efficiency in the dynamic landscape of cybersecurity.