Communications Research Centre Canada

Scenario Driven Intrusion Detection System

The Scenario Driven Intrusion Detection System (SDIDS) can identify attack scenarios that span multiple packets and can passively gather information about the monitored network. Providing context alongside intrusion alarms is useful both to network managers and to the security analysts in charge of protecting the network. SDIDS is a context-aware Intrusion Detection System (IDS) that correlates relevant contextual information with security alarms to automatically reduce the number of false positives. The contextual information can also be viewed directly at any time by network managers, either to validate high-level security policies or to learn what is happening on the network.

SDIDS is being developed by the Network Security Research Group at the Communications Research Centre (CRC) in collaboration with Laval University. The SDIDS engine rests on a solid theoretical foundation, such as Metric Temporal Logic (MTL), and goes beyond the individual-packet analysis commonly used in open source and commercial IDSs. What makes the approach unique is its lightweight multiple-packet scenario recognition algorithm, which lets SDIDS perform both intrusion detection and information gathering. SDIDS is written in C and Java and is an evolution of the Passive Network Monitoring Tool (PNMT) developed at CRC for network monitoring and analysis.
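To make the two ideas above concrete, here is an added illustration (not SDIDS code, and not its actual algorithm): a bounded "eventually within t seconds" check in the style of MTL matches a two-packet scenario on a constructed, time-ordered trace, and a passively gathered host/port context then decides which matches become alarms and which are set aside as likely false positives. The `Packet` fields, the scenario (SYN followed by a payload-carrying packet), the three-second bound and the trace and context values are all assumptions made up for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    t: float      # capture time in seconds (assumed field layout)
    src: str
    dst: str
    dport: int
    flags: str    # simplified TCP flag string, e.g. "S" or "PA"

def eventually_within(first, second, bound, trace):
    """Bounded 'eventually' in the style of MTL: for each packet p1 satisfying
    `first`, find the first later packet p2 of the same flow (src, dst, dport)
    satisfying `second` with p2.t - p1.t <= bound. Trace must be time-ordered."""
    matches = []
    for i, p1 in enumerate(trace):
        if not first(p1):
            continue
        for p2 in trace[i + 1:]:
            if p2.t - p1.t > bound:
                break  # window expired; every later packet is later still
            same_flow = (p2.src, p2.dst, p2.dport) == (p1.src, p1.dst, p1.dport)
            if same_flow and second(p2):
                matches.append((p1, p2))
                break
    return matches

def detect(trace, context, bound=3.0):
    """Two-packet scenario 'SYN, then payload within `bound` seconds', followed
    by a context filter: a match against a host/port that the passively gathered
    context never saw serving traffic is reported as suppressed, not alarmed."""
    raw = eventually_within(lambda p: p.flags == "S",
                            lambda p: "P" in p.flags, bound, trace)
    alarms = [m for m in raw if (m[0].dst, m[0].dport) in context]
    suppressed = [m for m in raw if (m[0].dst, m[0].dport) not in context]
    return alarms, suppressed

# Constructed trace and context (not real captures): 10.0.0.5 is known to serve
# port 22, 10.0.0.9 is not, and 10.0.0.7's payload arrives outside the window.
TRACE = [
    Packet(0.0, "10.0.0.2", "10.0.0.5", 22, "S"),
    Packet(1.5, "10.0.0.2", "10.0.0.5", 22, "PA"),
    Packet(2.0, "10.0.0.2", "10.0.0.9", 22, "S"),
    Packet(2.5, "10.0.0.2", "10.0.0.9", 22, "PA"),
    Packet(3.0, "10.0.0.2", "10.0.0.7", 22, "S"),
    Packet(9.0, "10.0.0.2", "10.0.0.7", 22, "PA"),
]
CONTEXT = {("10.0.0.5", 22), ("10.0.0.7", 22)}
```

Calling `detect(TRACE, CONTEXT)` yields one alarm (10.0.0.5) and one context-suppressed match (10.0.0.9); the 10.0.0.7 pair never matches because its second packet falls outside the three-second bound.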

Further details can be found here