Tags: java, pattern-matching, finite-automata, intrusion-detection

Intrusion detection using pattern matching algorithm


I am interested in writing simple Java code for an intrusion detection system (IDS). This can be a simple application, for my own understanding. I am going to use a pattern matching algorithm (KMP) for this. The IDS will also be signature based (for my simple understanding). So I might have a simple data set (of known attacks) in some file format. Now my question is: before applying the pattern matching algorithm, I need to construct a finite automaton (DFA) to recognize the patterns. So how do I do all this in Java code? I searched a lot on Google and in some research papers. But can someone explain it in an easy way?


Solution

  • Will this be a HIDS or NIDS?

    One good answer is here: https://searchsecurity.techtarget.com/answer/Should-an-intrusion-detection-system-IDS-be-written-using-Java

    And a great read here: https://www.researchgate.net/publication/239499071_Java-Based_Intrusion_Detection_System_in_a_Wired_Network

    Find what is already out there and upgrade it the way you want it, in all its open-source glory.

    If NIDS, look at something like Snort, which is written in C. Snort is a packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect payloads or suspicious anomalies. There is the binary, a configuration file, and the signature/rules files.

    Then you would get into the realm of opening a socket, reading packets at high speed, and running packet matching algorithms against the signature/rules files, then writing matches to stdout or a log.
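The part the question actually asks about, building the KMP automaton and scanning input with it, is small enough to show in full. The following is an added example, not code from the asker or the answerer: it compiles each signature from a constructed `name:pattern` rule list into a KMP DFA transition table (the textbook construction, where state `j` means "the last `j` bytes read match the first `j` bytes of the pattern"), then drives each DFA over a constructed sample payload and reports the offset of every hit. The rule format, the signature names and the payload are all assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/** Signature-based matcher: one explicit KMP DFA per signature, scanned over raw bytes. */
public final class KmpSignatureMatcher {
    private static final int ALPHABET = 256; // transitions are indexed by raw byte value

    /** A compiled signature: its name, the pattern bytes and the DFA transition table. */
    static final class Signature {
        final String name;
        final byte[] pattern;
        final int[][] dfa; // dfa[byteValue][state] -> next state

        Signature(String name, String patternText) {
            this.name = name;
            this.pattern = patternText.getBytes(StandardCharsets.US_ASCII);
            this.dfa = buildDfa(pattern);
        }
    }

    /**
     * Build the KMP DFA for pattern p. State j = "j bytes of p matched so far".
     * x tracks the restart state: where the DFA would be after reading p[1..j).
     * On a mismatch at state j we behave exactly as state x would, which is what
     * lets the scan continue without ever re-reading input bytes.
     */
    static int[][] buildDfa(byte[] p) {
        int m = p.length;
        int[][] dfa = new int[ALPHABET][m + 1];
        if (m == 0) return dfa;
        dfa[p[0] & 0xFF][0] = 1;
        int x = 0;
        for (int j = 1; j < m; j++) {
            for (int c = 0; c < ALPHABET; c++) dfa[c][j] = dfa[c][x]; // mismatch: copy restart transitions
            dfa[p[j] & 0xFF][j] = j + 1;                              // match: advance one state
            x = dfa[p[j] & 0xFF][x];                                  // advance the restart state too
        }
        // Accepting state m behaves like the final restart state, so overlapping hits are found.
        for (int c = 0; c < ALPHABET; c++) dfa[c][m] = dfa[c][x];
        return dfa;
    }

    /** Scan data once and return every offset at which the signature starts. */
    static List<Integer> search(Signature sig, byte[] data) {
        List<Integer> hits = new ArrayList<>();
        int m = sig.pattern.length;
        if (m == 0) return hits;
        int state = 0;
        for (int i = 0; i < data.length; i++) {
            state = sig.dfa[data[i] & 0xFF][state];
            if (state == m) hits.add(i - m + 1);
        }
        return hits;
    }

    /** Parse a minimal "name:pattern" rule file (assumed format; '#' starts a comment). */
    static List<Signature> loadRules(List<String> ruleLines) {
        List<Signature> sigs = new ArrayList<>();
        for (String line : ruleLines) {
            String trimmed = line.trim();
            if (trimmed.isEmpty() || trimmed.startsWith("#")) continue;
            int sep = trimmed.indexOf(':');
            if (sep < 0) throw new IllegalArgumentException("bad rule: " + line);
            // The pattern part is not trimmed: leading or trailing spaces may be significant.
            sigs.add(new Signature(trimmed.substring(0, sep).trim(), trimmed.substring(sep + 1)));
        }
        return sigs;
    }

    public static void main(String[] args) {
        // Constructed rule set; a real IDS would read this from its signature file.
        List<String> rules = List.of(
                "# name:pattern  (pattern is matched as raw ASCII bytes)",
                "dir-traversal:../../",
                "sqli-tautology:' OR '1'='1",
                "script-tag:<script>");
        List<Signature> sigs = loadRules(rules);

        // Constructed sample payload standing in for a captured packet or a log line.
        byte[] payload = "GET /files?path=../../config.txt&q=' OR '1'='1 HTTP/1.1\r\n"
                .getBytes(StandardCharsets.US_ASCII);

        for (Signature sig : sigs) {
            for (int off : search(sig, payload)) {
                System.out.printf("ALERT %-15s offset=%d%n", sig.name, off);
            }
        }
    }
}
```

Each byte of input costs one table lookup per signature, so the scan is linear in the input length for a fixed rule set, but it is repeated once per signature. When the rule set grows into the thousands, as Snort's does, the usual next step is Aho-Corasick, which merges all patterns into a single automaton and scans the input once; the construction above is the single-pattern special case of that idea.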