/spade

The Staticstical Packet Anomaly Detection Engine (SPADE) - Snort plug-in from Silicon Defense mostly for finding packets that might be part of a (posssibly stealthy) portscan

Primary LanguageC

This is the Staticstical Packet Anomaly Detection Engine (SPADE), the formerly popular (circa 2001-2003) plug-in for snort (mostly) to help find packets that might be part of a (possibly stealthy) portscan.

Other than this README.md, the contents of this repo are the original Spade code for the version released 2003-01-25. For the (quite thorough) original README, see README.Spade.

This paper describes in detail the sophisticated approach being used:

This code is around 9-10k lines and manages its own memory. As a Snort plug-in, this needs to be very efficient since it is called on all network packets.

Not sure if this is the last version produced by Silicon Defense or not; it was from a few months before the company went under. I was the creator and maintainer of the project.