Can an intrusion detection system be written using Java? If so, what are the risks of using that language? If not, what is the best language to use?
A signature-based intrusion detection system is actually quite simple in functionality. The IDS maintains a database of signatures, which correspond to known attacks. The tool then monitors all network traffic, looking for anything that matches those signatures. The true art of intrusion detection lies in creating, maintaining and tuning the signature database over time.
There's no reason that you couldn't implement that functionality in any higher-level programming language, Java included. However, the added overhead inherent in executing platform-independent Java code probably makes it a poor choice for an IDS. You're probably better off with a compiled language.
That said, consider what you're hoping to accomplish by creating your own intrusion detection system. Maintaining the signature database is a difficult task, and you're probably better off going with one of the many quality commercial or open-source systems already available on the market.
Dig Deeper on Network intrusion detection and prevention (IDS-IPS)
Related Q&A from Mike Chapple
Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires. Continue Reading
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading