The Stealthy Portscan and Intrusion Correlation Engine (Spice) is a project at Silicon Defense to detect portscans, even those in which the attacker has attempted to make the scan stealthy, for example by slowing the scan down or randomizing it. A paper on our approach was accepted to the CCS IDS Workshop in Athens and we presented it there on November 1, 2000. Here is a later version of the paper [1000k, PDF] that appeared in the Journal of Computer Security.

The basic idea with Spice is to monitor a network's packets. Each packet is assigned an anomaly score based on the normal traffic observed on the network. The higher the score, the more unusual and possibly suspicious the packet is. These are then passed to a correlator which groups related packets together and reports portscans. The correlator is under active development, but an implementation of the anomaly sensor called SPADE has been released and will be incorporated in future CounterStealth™ products.
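The score-then-correlate pipeline described above, as an added sketch that is not Spade or Spice code. It assumes a negative-log-frequency score over (destination IP, destination port) pairs and a correlator that groups anomalous packets by source with no time window, so a slowed or randomized scan still accumulates; the function names, threshold and sample packets are all constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def build_baseline(packets):
    """Count how often each (dst_ip, dst_port) pair appears in normal traffic."""
    counts = Counter((p["dst"], p["dport"]) for p in packets)
    return counts, sum(counts.values())

def anomaly_score(pkt, counts, total):
    """Assumed score: -log2 of the smoothed observed probability of the destination.
    Add-one smoothing keeps never-seen destinations finite but highest-scoring."""
    seen = counts.get((pkt["dst"], pkt["dport"]), 0)
    return -math.log2((seen + 1) / (total + 1))

def correlate(packets, counts, total, threshold, min_targets=3):
    """Group anomalous packets by source (no time window, so packet order and
    spacing do not matter) and report sources that probed many distinct targets."""
    targets = defaultdict(set)
    for p in packets:
        if anomaly_score(p, counts, total) >= threshold:
            targets[p["src"]].add((p["dst"], p["dport"]))
    return {src: sorted(t) for src, t in targets.items() if len(t) >= min_targets}

# Constructed sample data (documentation address ranges, not real traffic).
BASELINE = (
    [{"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80}] * 60
    + [{"src": "198.51.100.8", "dst": "192.0.2.10", "dport": 443}] * 30
    + [{"src": "198.51.100.9", "dst": "192.0.2.25", "dport": 25}] * 9
)
OBSERVED = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80},    # routine web hit
    {"src": "203.0.113.5", "dst": "192.0.2.10", "dport": 23},     # never-seen service
    {"src": "203.0.113.5", "dst": "192.0.2.25", "dport": 111},
    {"src": "203.0.113.5", "dst": "192.0.2.30", "dport": 6000},
    {"src": "198.51.100.8", "dst": "192.0.2.10", "dport": 8080},  # lone oddity
]

if __name__ == "__main__":
    counts, total = build_baseline(BASELINE)
    for p in OBSERVED:
        print(p["src"], p["dst"], p["dport"], round(anomaly_score(p, counts, total), 2))
    print(correlate(OBSERVED, counts, total, threshold=5.0))
```

The single odd packet from 198.51.100.8 scores as high as each scan probe but is not reported, because the correlator only flags a source once several anomalous destinations are attributed to it.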


Spade stands for the Statistical Packet Anomaly Detection Engine. It is a Snort preprocessor plugin which sends alerts of anomalous packets through standard Snort reporting mechanisms.

Download Spade here:

Spade-030125.1.tgz (the full 030125.1 distribution) [101k]

You might want to look at these files (they are included in the distribution):

  • README (an overview of Spade and how to get going with it)
  • Installation (how to install)
  • Usage (how to use and configure)
  • Changes (change log)
  • COPYING (Spade's licence: the GNU General Public License)

The above is for Snort 1.9.0 (and betas). It might also work for previous versions of Snort (though the installation will be more manual). In any case, this older version of Spade is known to work with Snort 1.6.3 through 1.8.7: Spade-010818.1.tar.gz

Mailing list:

You are invited to join the Spade-users mailing list. This is someplace you can ask questions, make comments/suggestions, or just talk about Spade. Join or search archives from here.