Should an intrusion detection system (IDS) be written using Java?
Can an intrusion detection system be written using Java? If so, what are the risks of using that language? If not, what is the best language to use?
A signature-based intrusion detection system is actually quite simple in functionality. The IDS
maintains a database of signatures, which correspond to known attacks. The tool then monitors all network traffic, looking for anything that matches those signatures. The true art of intrusion detection lies in creating, maintaining and tuning the signature database over time.
There's no reason that you couldn't implement that functionality in any higher-level programming language, Java included. However, the added overhead inherent in executing platform-independent Java code probably makes it a poor choice for an IDS. You're probably better off with a compiled language.
That said, consider what you're hoping to accomplish by creating your own intrusion detection system. Maintaining the signature database is a difficult task, and you're probably better off going with one of the many quality commercial or open-source systems already available on the market.
More information:In this exclusive screencast step-by-step demo, Tom Bowers explains how to use the Snort open source IDS tool.
Is Java security getting worse? Joel Dubin investigates the state of the programming language.
This was first published in February 2008